7.7. Managing CHAP accounts
The Challenge-Handshake Authentication Protocol (CHAP) provides a way to restrict access to targets and their LUNs by requiring a user name and a password from the initiator. CHAP accounts apply to entire target groups. Fibre Channel target groups do not use CHAP.
To use CHAP, enable it for the target group:
# vstorage-target tg-auth -enable-chap -id <tg_ID>
7.7.1. Creating and listing CHAP accounts
To create a CHAP account, use the vstorage-target account-create command. For example:
# vstorage-target account-create -user user1 -desc "User for TG1"
Enter Password:
The password must be 12 to 16 characters long.
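The following added example (not part of the original documentation and not vstorage-target code) shows how such a password is used in a CHAP exchange as defined in RFC 1994 with MD5: the target sends an identifier and a random challenge, and the initiator returns a hash instead of the password itself. The names generate_secret, chap_response, Target and login are hypothetical, and the sample account is constructed.

```python
import hashlib, hmac, secrets, string

MIN_LEN, MAX_LEN = 12, 16  # password length limits stated on this page

def generate_secret(length=MAX_LEN):
    """Return a random CHAP password within the 12 to 16 character limit."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("CHAP password must be 12 to 16 characters long")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def chap_response(identifier, secret, challenge):
    """RFC 1994 response: MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

class Target:
    """Target side (hypothetical): holds accounts, issues one challenge per login."""
    def __init__(self, accounts):
        self.accounts = accounts      # user name -> password
        self.pending = None           # outstanding (identifier, challenge)

    def challenge(self):
        self.pending = (secrets.randbelow(256), secrets.token_bytes(16))
        return self.pending

    def verify(self, user, response):
        if self.pending is None:      # no outstanding challenge: reject replays
            return False
        (identifier, challenge), self.pending = self.pending, None
        secret = self.accounts.get(user)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def login(target, user, secret):
    """Initiator side: answer the challenge; the password is never sent."""
    identifier, challenge = target.challenge()
    return target.verify(user, chap_response(identifier, secret, challenge))

if __name__ == "__main__":
    pw = generate_secret()            # constructed sample password
    tgt = Target({"user1": pw})
    print("correct password:", login(tgt, "user1", pw))
    print("wrong password:  ", login(tgt, "user1", generate_secret(12)))
```

Because each challenge is random and accepted only once, a captured response cannot be reused for a later login.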
To list existing CHAP accounts and their details, use the vstorage-target account-list command.
7.7.2. Changing CHAP account details
To change the password or description of a CHAP account, use the vstorage-target account-set command. For example:
# vstorage-target account-set description -user user1 -desc "A new description"
# vstorage-target account-set password -user user1
Enter Password:
7.7.3. Assigning CHAP accounts to target groups
To assign a CHAP account to a target group, use the vstorage-target tg-chap command. For example:
# vstorage-target tg-chap set -id faeacacd-eba6-416c-9a7f-b5ba9e372e16 -user user1
To remove an assignment, run:
# vstorage-target tg-chap del -id faeacacd-eba6-416c-9a7f-b5ba9e372e16 -user user1
7.7.4. Deleting CHAP accounts
To delete an unused CHAP account, use the vstorage-target account-delete command. For example:
# vstorage-target account-delete -user user1