2.7. Managing CHAP Accounts

The Challenge-Handshake Authentication Protocol (CHAP) provides a way to restrict access to targets and their LUNs by requiring a user name and a password from the initiator. CHAP accounts apply to entire target groups. Fibre Channel target groups do not use CHAP. .. see also in admin guide.

To use CHAP, enable it for the target group:

# vstorage-target tg-auth -enable-chap -id <tg_ID>

2.7.1. Creating and Listing CHAP Accounts

To create a CHAP account, use the vstorage-target account-create command. For example:

# vstorage-target account-create -user user1 -desc "User for TG1"
Enter Password:

The password must be 12 to 16 characters long.

To list existing CHAP accounts and their details, use the vstorage-target account-list command.

2.7.2. Changing CHAP Account Details

To change the password or description of a CHAP account, use the vstorage-target account-set command. For example:

# vstorage-target account-set description -user user1 -desc "A new description"
# vstorage-target account-set password -user user1
Enter Password:

2.7.3. Assigning CHAP Accounts to Target Groups

To assign a CHAP account to a target group, use the vstorage-target tg-chap command. For example:

# vstorage-target tg-chap set -id faeacacd-eba6-416c-9a7f-b5ba9e372e16 -user user1

To remove an assignment, run

# vstorage-target tg-chap del -id faeacacd-eba6-416c-9a7f-b5ba9e372e16 -user user1

2.7.4. Deleting CHAP Accounts

To delete an unused CHAP account, use the vstorage-target account-delete command. For example:

# vstorage-target account-delete -user user1