On 29 Apr 2009 at 11:25, Mike Christie wrote: > > Ulrich Windl wrote: > > On 28 Apr 2009 at 7:10, HIMANSHU wrote: > > > >> One more question analogues to this. > >> > >> Suppose I login to 1st target from machine 30.12,it was having node > >> authentication.so I saved its credentials in iscsid.conf and then I > >> fired the discovery command followed by login command.It was > >> successful and those credentials also got stored in nodes and > >> send_targets. > >> > >> Then if I want to login to 2nd target which is also having node > >> authentication from same machine,I am overwriting same iscsid.conf > >> file.So I am loosing my previous credentials from iscsid.conf.Also > >> after discovery,I am loosing previous target information from nodes > >> and send_targets. > > > > Hi, > > > > I'm no expert, but I think the credentials are stored per node/target in > > the > > "iSCSI database" (like /etc/iscsi/send_targets/* and /etc/iscsi/nodes/*/*). > > Yeah, that is correct. When you run the discovery command or manual > addition command, iscsiadm will read iscsid.conf and use those for the > initial defaults for what gets created in those dirs. You can then > change what is in those dirs using iscsiadm -m node -o update.... > > > /etc/iscsi.conf just has the defaults. Probably it would be better to never > > touch > > the iscsid.conf, but provide auth information when discovering targets or > > loggin > > in to nodes/targets. However then the "secrets" would be on the command > > line (and > > process list, etc). > > > > I was thinking he has a issue where one target needs one set of CHAP > values for the discovery session, then they need another set of CHAP > values for another discovery session to another target. For this type of > setup, you have to edit iscsid.conf, run iscsiadm -m discovery ..., then > edit iscsid.conf again and then run iscsiadm -m discovery ... to the > other target.
Hi, That sounds like a workaround for some design deficit. Why not have a more flexible approach like ~/.netrc (a file that stores authentication information for several systems, keeping secrets away from the command line and the process list). I mean an option for discovery like "--credentials-file=~/iscsi-credentials-for- ...". You get the idea? Regards, Ulrich --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to open-iscsi@googlegroups.com To unsubscribe from this group, send email to open-iscsi+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/open-iscsi -~----------~----~----~----~------~----~------~--~---