Working With Iscsi Chaps - Promise Technology 1000f series Product Manual

5. Highlight, press the backspace key to erase the current value, and type a
value for each of the following items:
• iSNS Server IP address
• iSNS Server Port number (3205 for most applications)
6. Press Ctrl-A to save your settings.

Working with iSCSI CHAPs

Challenge Handshake Authentication Protocol (CHAP) is an authentication
mechanism used to authenticate iSCSI sessions between initiators and targets.
The authenticator sends the peer a challenge message to request authentication
consisting of a sequence number and a random number. Both the sender and
peer share a predefined secret or password. The peer concatenates the
sequence number, the random value, and the secret and calculates a hash using
a one-way hash algorithm such as MD5. The peer sends the hash value back to
the authenticator, which in turn builds that same string on its side, calculates the
hash, and compares the result with the value received from the peer. If the values
match, the peer is authenticated. The authenticator then initiates CHAP sessions
at random time intervals incrementing the sequence number each new challenge
session to protect against replay attacks.
With PROMISE subsystems, CHAP secrets cannot be assigned to individual
LUNS. Use LUN mapping and masking to restrict LUN access to a unique
initiator. A single target CHAP secret should not be shared among multiple
initiators.
Edge Side Includes (ESI) is a markup language that enables
dynamic assembly of web page elements in servers across a
network. This feature enables automatically if iSNS is enabled and
an iSNS server is present.
Enable CHAP Authentication under iSCSI Node settings. See
page 255.
Chapter 6: Management with the CLU
Note
Note
259