Configuring system iSCSI or iSER authentication by using the CLI

You can use the command-line interface (CLI) to configure the system to authenticate with iSCSI or iSER-attached hosts by using the Challenge-Handshake Authentication Protocol (CHAP). After the CHAP is set for the system, all attached hosts must be configured to authenticate. When you are troubleshooting a problem, you can delay your configuration of the CHAP authentication until after you configure the first one or two hosts and test their connectivity.

1. To configure CHAP authentication for an iSCSI or iSER host, enter the following CLI command:

   chhost -iscsiusername iscsi_username -chapsecret chap_secret host_name

   Where iscsi_username is the user name, chap_secret is the CHAP secret to be used to authenticate the system via iSCSI or iSER, and host_name is the name of the iSCSI or iSER host. The chap_secret value must be 12 characters. If you do not specify the iSCSI user name, the initiator's IQN is taken as the user name for one-way CHAP authentication.
2. To set the authentication method for the iSCSI or iSER communications of the system, enter the following CLI command:

   chsystem -iscsiauthmethod chap -chapsecret chap_secret

   Where chap specifies that CHAP is the authentication method and chap_secret is the CHAP secret to be used. The specified CHAP secret cannot begin or end with a space.
3. To clear all CHAP secrets for iSCSI or iSER authentication that were previously set, enter the following CLI command:

   chsystem -nochapsecret 

   If the chapsecret parameter is specified, the nochapsecret parameter is not allowed.
4. Run the lsiscsiauth command to display the Challenge Handshake Authentication Protocol (CHAP) secret that you configured.