This procedure shows how to configure a CHAP identity in iSCSI. To enable the target to authenticate the initiator, you must set the CHAP identity on the initiator.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
initiator# iscsiadm modify initiator-node --CHAP-secret Enter CHAP secret: ************ Re-enter secret: ************
The length of the CHAP secret key for the COMSTAR iSCSI target must be a minimum of 12 characters and a maximum of 255 characters. Some initiators support only a shorter maximum length for the secret key.
In the Oracle Solaris OS, the CHAP user name is set to the initiator or target node name (the iqn name) by default. The CHAP user name can be set to any length of text that is less than 512 bytes.
initiator# iscsiadm modify initiator-node --CHAP-name new-CHAP-name
initiator# iscsiadm modify initiator-node --authentication CHAP
CHAP requires the initiator node to have a user name and a password. The user name is typically used by the target to look up the secret key for the given user name.
This step completes the setup of unidirectional CHAP authentication. Continue with the remaining steps if you want to set up bidirectional CHAP authentication.
Enable CHAP authentication for a specific iSCSI target by configuring iSCSI initiator to perform CHAP authentication of an iSCSI target.
initiator# iscsiadm modify target-param -B enable target-iqn
initiator# iscsiadm modify target-param --authentication CHAP target-iqn
initiator# iscsiadm modify target-param --CHAP-secret target-iqn
By default, the CHAP name of the target is set to the target name. If the target uses a custom name, set the CHAP name that identifies the target.
initiator# iscsiadm modify target-param --CHAP-name target-CHAP-name
For more information about how to configure CHAP authentication for an iSCSI target, see How to Configure CHAP Authentication for an iSCSI Target in Managing Devices in Oracle Solaris 11.4.