2.8. Managing iSCSI Users¶
You can restrict access to iSCSI targets by means of CHAP authentication.
To make use of CHAP authentication, you need to:
- Create a CHAP account.
- Create an iSCSI target bound to this CHAP account.
These actions are described in detail in the following subsections.
2.8.1. Creating CHAP Accounts for iSCSI Targets¶
To create a CHAP account, use the vstorage-iscsi account-create command. For example, to create the CHAP account user1:
# vstorage-iscsi account-create -u user1
Enter password:
Verify password:
2.8.2. Creating iSCSI Targets Bound to CHAP Accounts¶
To create an iSCSI target bound to a CHAP account, use the vstorage-iscsi create command with the additional -u option. For example, create a target bound to the CHAP account user1:
# vstorage-iscsi create -n test1 -a 192.168.10.100 -u user1
IQN: iqn.2014-04.com.vstorage:test1
2.8.3. Changing CHAP Account Passwords¶
To change the password of a CHAP account, use the vstorage-iscsi account-set command. For example, to change the password of the CHAP account user1:
# vstorage-iscsi account-set -u user1
Enter password:
Verify password:
The new password will become active after target reboot.
2.8.4. Listing CHAP Accounts and Their iSCSI Targets¶
To list existing CHAP accounts, use the vstorage-iscsi account-list command. For example:
# vstorage-iscsi account-list
user1
To list iSCSI targets assigned to a specific CHAP account, use the vstorage-iscsi account-list command with the -u option. For example, to list iSCSI targets assigned to the CHAP account user1:
# vstorage-iscsi account-list -u user1
iqn.2014-04.com.vstorage:test1