Thanks Shyam. So in this case target replies with NONE as it has choosen NONE between CHAP and NONE.
Here initiator is asking for authentication and Target is not ready for authentication. In this scenario authentication should fail. Right? To make authentication strict, initiator should only pass "CHAP" as Authentication parameter rather than passing "CHAP,NONE". So if target is not supporting CHAP it will reply with "Reject" and auth will fail. On the other side, if initiator doesn't set CHAP and target sets CHAP, Authentication Fails, which is perfect. Thanks Nand On Aug 27, 1:36 pm, <[EMAIL PROTECTED]> wrote: > Nandkumar wrote: > > Here is what initiator and taget passes to each other while iscsi > > negotiation phase. Assuming CHAP is only enabled on initiator and not on > target. > > > 1) Initiator pass "CHAP,NONE" as Authentication parameter. > > 2) Target replies with "NONE". > > 3) Both will settle on "NONE" as Authentication parameter. > > The negotiation is succeding with None as the parameter because of the > following text from the rfc. > > "The target MUST reply with the first option in the list it > supports and is allowed to use for the specific initiator unless > it does not support any, in which case it MUST answer with > "Reject" (see Section 5.2 Text Mode Negotiation)." > So, since there is no reject from the Target which supports None as the > authentication parameter the login will succeed. > Thanks, > Shyam Iyer --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to open-iscsi@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/open-iscsi -~----------~----~----~----~------~----~------~--~---
