1,651 瀏覽數

RHEL5 – iSCSI 相互 CHAP incoming / outgoing 驗證

相互 CHAP 驗證:CHAP 的認證端可為 Target(Incoming Authentication) 或是 Initiator(Outgoing Authentication) 任一端來認證.也就是說 Target(Incoming Authentication) 是由 Target 端為 Initiator 認證.這樣的認證方式可以允許多個 Initiator 來連接到 Target.而 Initiator(Outgoing Authentication) 是由 Initiator 來認證 Target 端.

之前我們都是在 Target 端設定帳號密碼,這就是使用 Incoming Authentication 是由 Target 端為 Initiator 認證.要同時使用 Outgoing Authentication 也很簡單.只要指定 outgoing 的 user 和 password

剛剛已經設定過 Incoming 的認證方式,現在要透過 "tgtadm" 來建立 Outgoing 的認證.

[root@benjr ~]# tgtadm –lld iscsi –op new –mode account –user in_benjr –password in_benjr –outgoing
[root@benjr ~]# tgtadm –lld iscsi –op show –mode account
Account list:
    benjr
    in_benjr

帳號是建立好了還要將他指定到哪一個 target.

[root@benjr ~]# tgtadm –lld iscsi –op bind –mode account –tid 1 –user benjr –outgoing
[root@benjr ~]# tgtadm –lld iscsi –op show –mode target
Target 1: iqn.2009-4.tw.benjr:storage
    System information:
        Driver: iscsi
        Status: running
    I_T nexus information:
        I_T nexus: 4
            Initiator: iqn.1994-05.com.redhat:116f23e2ef8
            Connection: 0
                IP Address: 192.8.1.121
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: deadbeaf1:0
            SCSI SN: beaf10
            Size: 0
            Backing store: No backing store
        LUN: 1
            Type: disk
            SCSI ID: deadbeaf1:1
            SCSI SN: beaf11
            Size: 9G
            Backing store: /dev/sdb1
    Account information:
        benjr
        in_benjr  (outgoing)
    ACL information:
        ALL

iSCSI initiator 如要使用 Outgoing CHAP ,我們需要修改 /etc/iscsi/iscsid.conf, node.session.auth.username_in 和 node.session.auth.password_in 都要修改剛剛設定好的

[root@benjr ~]# cat /etc/iscsi/iscsid.conf
node.session.auth.username = benjr
node.session.auth.password = benjr
node.session.auth.username_in = in_benjr
node.session.auth.password _in= in_benjr

發表迴響