設定 Linux 主機的鑑別

您可以為 Linux 主機設定單向 CHAP 鑑別。

開始之前

系統支援單向 CHAP 鑑別,其中,系統會鑑別主機 iSER 起始器。

程序

如果要設定 Linux 主機的鑑別,請遵循下列步驟:

  1. 使用適當的編輯器,開啟 /etc/iscsi/iscsid.conf/etc/iscsid.conf
  2. 移至 CHAP 設定段落。

    下列範例顯示輸出:

    圖 1. Linux 主機的 CHAP 設定
    #*************
#CHAP Settings
#*************

#To enable CHAP authentication set node.session.auth.authmethod
#to CHAP. The default is None.
#node.session.auth.authmethod = CHAP

#To set a CHAP username and password for initiator
#authentication by the target(s), uncomment the following lines:
#node.session.auth.username = username
#node.session.auth.password = password
node.session.auth.username = rhel_username
node.session.auth.password = xxxxxxxxxxxxx
#To set a CHAP username and password for target(s)
#authentication by the initiator, uncomment the following lines:
#node.session.auth.username_in = username_in
#node.session.auth.password_in = password_in
node.session.auth.password_in = yyyyyyyyyyyyy
#To enable CHAP authentication for a discovery session to the target
#set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
#discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.authmethod = CHAP
#To set a discovery session CHAP username and password for the initiator
#authentication by the target(s), uncomment the following lines:
#discovery.sendtargets.auth.username = username
#discovery.sendtargets.auth.password = password

#To set a discovery session CHAP username and password for target(s)
#authentication by the initiator, uncomment the following lines:
#discovery.sendtargets.auth.username_in = username_in
#discovery.sendtargets.auth.password_in = password_in
  3. 設定單向鑑別。
    1. 設定 CHAP 使用者名稱與密碼給您的起始器名稱。
      1. node.session.auth.authmethod = CHAP
      2. node.session.auth.username = <initiator's user name>
      3. node.session.auth.password = <CHAP secret for host>
    2. 設定探索階段作業 CHAP 使用者名稱與密碼給您的起始器名稱。
      1. discovery.sendtargets.auth.authmethod = CHAP
      2. discovery.sendtargets.auth.username = <initiator's user name>
      3. discovery.sendtargets.auth.password = <CHAP secret for host>
    3. 儲存這些設定。您必須登出任何現行階段作業,並重新探索系統 iSER 目標,以便讓 CHAP 密碼生效。