On 16 Feb 2010 at 10:12, Chandra Seetharaman wrote: > I sent it yesterday.. but for whatever reason, it didn't show up in the > mailing list :( > ------------------------------------------------------------------------- > On Mon, 2010-02-15 at 14:48 -0800, Chandra Seetharaman wrote: > > Found the issue. I was using the same username and password for both > directions. > > Read the RFC (RFC 372) and learned that it is not correct. > ( > Any CHAP secret used for initiator authentication MUST NOT be > configured for authentication of any target, and any CHAP secret used > for target authentication MUST NOT be configured for authentication > of any initiator. > ) > > Changed the username/password to be different on both directions and it does > connect fine.
That restriction makes sense: If you have multiple initiators using two- way CHAP, all the initiators would know the other initiator's secrets then, effectively making authentication useless. (They could authenticate as the other initiator) Regards, Ulrich -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/open-iscsi?hl=en.
