Thanks Shyam.
So in this case target replies with NONE as it has choosen NONE
between CHAP and NONE.
Here initiator is asking for authentication and Target is not ready
for authentication. In this scenario authentication should fail.
Right?
To make authentication strict, initiator should only pass CHAP as
Authentication parameter rather than passing CHAP,NONE. So if target
is not supporting CHAP it will reply with Reject and auth will fail.
On the other side, if initiator doesn't set CHAP and target sets CHAP,
Authentication Fails, which is perfect.
Thanks
Nand
On Aug 27, 1:36 pm, [EMAIL PROTECTED] wrote:
Nandkumar wrote:
Here is what initiator and taget passes to each other while iscsi
negotiation phase. Assuming CHAP is only enabled on initiator and not on
target.
1) Initiator pass CHAP,NONE as Authentication parameter.
2) Target replies with NONE.
3) Both will settle on NONE as Authentication parameter.
The negotiation is succeding with None as the parameter because of the
following text from the rfc.
The target MUST reply with the first option in the list it
supports and is allowed to use for the specific initiator unless
it does not support any, in which case it MUST answer with
Reject (see Section 5.2 Text Mode Negotiation).
So, since there is no reject from the Target which supports None as the
authentication parameter the login will succeed.
Thanks,
Shyam Iyer
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
open-iscsi group.
To post to this group, send email to open-iscsi@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/open-iscsi
-~--~~~~--~~--~--~---