.. _Managing CHAP Accounts:

Managing CHAP Accounts
----------------------

The Challenge-Handshake Authentication Protocol (CHAP) provides a way to restrict access to targets and their LUNs by requiring a user name and a password from the initiator. CHAP accounts apply to entire target groups. Fibre Channel target groups do not use CHAP.

To use CHAP, enable it for the target group:

::

   # vstorage-target tg-auth -enable-chap -id <tg_ID>

.. _Creating and Listing CHAP Accounts:

Creating and Listing CHAP Accounts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To create a CHAP account, use the ``vstorage-target account-create`` command. For example:

::

   # vstorage-target account-create -user user1 -desc "User for TG1"
   Enter Password:

The password must be 12 to 16 characters long.

To list existing CHAP accounts and their details, use the ``vstorage-target account-list`` command.

.. _Changing CHAP Account Details:

Changing CHAP Account Details
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To change the password or description of a CHAP account, use the ``vstorage-target account-set`` command. For example:

::

   # vstorage-target account-set description -user user1 -desc "A new description"
   # vstorage-target account-set password -user user1
   Enter Password:

Assigning CHAP Accounts to Target Groups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To assign a CHAP account to a target group, use the ``vstorage-target tg-chap`` command. For example:

::

   # vstorage-target tg-chap set -id faeacacd-eba6-416c-9a7f-b5ba9e372e16 -user user1

To remove an assignment, run

::

   # vstorage-target tg-chap del -id faeacacd-eba6-416c-9a7f-b5ba9e372e16 -user user1

.. _Deleting CHAP Accounts:

Deleting CHAP Accounts
~~~~~~~~~~~~~~~~~~~~~~

To delete an unused CHAP account, use the ``vstorage-target account-delete`` command. For example:

::

   # vstorage-target account-delete -user user1