2.8. Managing iSCSI Users

You can restrict access to iSCSI targets by means of CHAP authentication.

To make use of CHAP authentication, you need to:

  1. Create a CHAP account.
  2. Create an iSCSI target bound to this CHAP account.

These actions are described in detail in the following subsections.

2.8.1. Creating CHAP Accounts for iSCSI Targets

To create a CHAP account, use the vstorage-iscsi account-create command. For example, to create the CHAP account user1:

# vstorage-iscsi account-create -u user1
Enter password:
Verify password:

2.8.2. Creating iSCSI Targets Bound to CHAP Accounts

To create an iSCSI target bound to a CHAP account, use the vstorage-iscsi create command with the additional -u option. For example, create a target bound to the CHAP account user1:

# vstorage-iscsi create -n test1 -a 192.168.10.100 -u user1
IQN: iqn.2014-04.com.vstorage:test1

2.8.3. Changing CHAP Account Passwords

To change the password of a CHAP account, use the vstorage-iscsi account-set command. For example, to change the password of the CHAP account user1:

# vstorage-iscsi account-set -u user1
Enter password:
Verify password:

The new password will become active after target reboot.

2.8.4. Listing CHAP Accounts and Their iSCSI Targets

To list existing CHAP accounts, use the vstorage-iscsi account-list command. For example:

# vstorage-iscsi account-list
user1

To list iSCSI targets assigned to a specific CHAP account, use the vstorage-iscsi account-list command with the -u option. For example, to list iSCSI targets assigned to the CHAP account user1:

# vstorage-iscsi account-list -u user1
iqn.2014-04.com.vstorage:test1