Using Local CHAP Accounts for Initiator Authentication

Local CHAP is not dependent on any external system and is generally used if you have only a few CHAP users. Up to 100 local CHAP accounts are supported.

To add local CHAP accounts for initiator authentication, click:

Group Configuration > iSCSI tab

In the Local CHAP Accounts panel, click Add. The Add CHAP Account dialog box appears (Figure 14: Add CHAP Account). Specify a CHAP user name and password. If you leave the password field blank, a password will be generated automatically.

Note: For optimal security, passwords used in CHAP authentication should contain at least 12 characters (preferably random). Individual initiators may have their own rules and restrictions for length and format. Consult the initiator documentation for details.

By default, a CHAP account is enabled. To disable the account, de-select Enable CHAP account. Later, you can enable the account to activate it. Click OK to create the account.

In addition, to prevent hosts from discovering targets for which they are not authorized, in the iSCSI Discovery panel of the Group iSCSI window (Figure 13: Group iSCSI), select Prevent unauthorized hosts from discovering targets. Otherwise, initiators that support discovery will attempt to log in to the target, even if they do not have the right access credentials, resulting in a large number of events logged in the group and an inefficient use of resources.

To modify or delete a local CHAP account, in the Local CHAP Accounts panel, select the account name and click Modify or Delete, as desired.

After creating the CHAP account, create an access control record for a volume and specify the CHAP user name in the record. To access the volume, a host must supply the user name and its password. A host must meet all the requirements in one access control record to access the volume. See Managing Access Controls for Volumes and Snapshots for more information.
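
The following sketch is an added example, not part of the original documentation and not the array's own code. It models how a local CHAP account is checked at login using the MD5 CHAP exchange from RFC 1994, which iSCSI uses: the host proves knowledge of the password by hashing it with a fresh challenge, and a disabled or unknown account is refused. The names `LocalChapTable` and `generate_secret`, the 16-character default length, and the hard enforcement of the 12-character recommendation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

MIN_SECRET_LEN = 12  # minimum length recommended in the Note above


def generate_secret(length=16):
    """Random alphanumeric CHAP secret; 16 is an assumed default length."""
    if length < MIN_SECRET_LEN:
        raise ValueError("CHAP secret shorter than 12 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def chap_response(identifier, secret, challenge):
    """RFC 1994 MD5 CHAP: MD5(identifier byte || secret || challenge)."""
    data = bytes([identifier]) + secret.encode() + challenge
    return hashlib.md5(data).digest()


class LocalChapTable:
    """Hypothetical stand-in for the group's local CHAP account list."""

    def __init__(self):
        self.accounts = {}  # user name -> (secret, enabled)

    def add(self, name, secret=None, enabled=True):
        secret = secret or generate_secret()  # blank password -> generated
        if len(secret) < MIN_SECRET_LEN:  # this example enforces the Note
            raise ValueError("CHAP secret shorter than 12 characters")
        self.accounts[name] = (secret, enabled)
        return secret

    def new_challenge(self):
        # Fresh identifier and random challenge for every login attempt,
        # so a captured response cannot be replayed later.
        return secrets.randbelow(256), secrets.token_bytes(16)

    def verify(self, name, identifier, challenge, response):
        secret, enabled = self.accounts.get(name, (None, False))
        if not enabled:
            return False  # unknown or disabled account
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)
```

Because the response is a plain hash over the secret and values visible on the wire, the strength of the exchange rests on the secret being long and random, which is the reason for the 12-character recommendation.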