Mike Christie wrote: > On 09/29/2009 08:46 AM, Hannes Reinecke wrote: >> Some iSCSI implementations (eg HP) is using an empty username for >> CHAP negotiations. So we should be allowing the same. >> > > Do we need this support for discovery? There is one other one auth setup > function in discovery.c:setup_authentication(). Not sure why we have two > almost identical functions there. Probably due to how it is all > compiled. Do not worry about the duplication in this patch. We can just > fix up discovery.c:setup_authentication(). > Yes, we also need to support an empty username for discovery. And I seriously think if we shouldn't redesign the discovery node database: Currently we're storing the _detected_ target names under /etc/iscsi/send_targets, ie we have to preset the CHAP variables in /etc/iscsid.conf. But this makes it impossible to have different settings for different portals; one iSCSI portal might require CHAP authentication discovery, the next might not, and another one might have a different username/password.
It would be far more sensible to store the settings for the _portal_ under /etc/iscsi/send_targets, too; this would allow us to modify them via -o update and have different settings for different targets. > Can you have a empty incoming username? If so I think we need to modify > acl_chap_auth_request like how you did to acl_set_user_name. No, not what I've seen so far; but I haven't been exactly successful here. I'll dig further here. BTW, would it be sensible to support both methods if CHAP is enabled? Currently we're only setting the auth method to either 'CHAP' or 'None'. We means we cannot login to a target which just supports 'None' when we set the record to 'CHAP'. Any specific reason? Methinks it'd be far more sensible to announce 'CHAP,None' whenever CHAP is selected. And to allow login with no credentials, too, in this case. Comments? Cheers, Hannes -- Dr. Hannes Reinecke zSeries & Storage h...@suse.de +49 911 74053 688 SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg GF: Markus Rex, HRB 16746 (AG Nürnberg) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to firstname.lastname@example.org To unsubscribe from this group, send email to open-iscsi+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/open-iscsi -~----------~----~----~----~------~----~------~--~---