Managing SAN Devices and Multipathing in Oracle® Solaris 11.2

Exit Print View

Updated: December 2014

How to Configure CHAP Authentication for Your iSCSI Target

This procedure assumes that you are logged in to the local system that contains the iSCSI targets.

  1. Become an administrator.
  2. Determine whether you want to configure unidirectional or bidirectional CHAP.
    • Unidirectional authentication is the default method. Complete steps 3–5 only.

    • For bidirectional authentication. Complete steps 3–7.

  3. Unidirectional/Bidirectional CHAP: Configure the target to require that initiators identify themselves using CHAP.
    target# itadm modify-target -a chap target-iqn
  4. Unidirectional/Bidirectional CHAP: Create an initiator context that describes the initiator.

    Create the initiator context with the initiator's full node name and with the initiator's CHAP secret key.

    target# itadm create-initiator -s initiator-iqn
    Enter CHAP secret: ************
    Re-enter secret: ************
  5. Unidirectional/Bidirectional CHAP: If the initiator uses an alternate CHAP name, then configure the initiator-context with the alternate name.
    target# itadm modify-initiator -u initiator-CHAP-name initiator-iqn
  6. Bidirectional CHAP: Set the target device secret key that identifies this target.
    target# itadm modify-target -s target-iqn
    Enter CHAP secret: ************
    Re-enter secret: ************
  7. (Optional) Bidirectional CHAP: If the target uses an alternate CHAP user name other than the target node name (iqn), modify the target.
    target# itadm modify-target -u target-CHAP-name target-iqn