Hardware manual
Group Administration iSCSI target security
8–3
Note: For optimal security, passwords must contain at least 12 characters (preferably random). Individual
iSCSI initiators have their own rules and restrictions for length and format. Consult your initiator
documentation for details.
• Select whether to enable the account. You
must enable an account to use it for initiator authentication. You
can later modify an account and enable or disable it.
• Click
OK.
5. In the Group iSCSI window, click
Save all changes (Control+S).
After creating the CHAP account, you can create an access control reco
rd and use the CHAP user name in the
record. See Configuring access control records.
If you want to enable target authentication
(for mutual authentication), see Configuring target authentication on
page 8-4.
Modifying a local CHAP account
1. Click Group, then Group Configuration, and then the iSCSI tab. The Group Configuration – iSCSI
window appears.
2. Select the account name in the Loca
l CHAP Accounts panel and click Modify.
3. Change the name or password or enable or disable the account.
4. Click
OK.
Deleting a local CHAP account
1. Click Group, then Group Configuration, then the iSCSI tab. The Group Configuration – iSCSI window
appears.
2. Select the account name in the Local CHAP Accounts panel.
3. Click
Delete.
Using CHAP accounts on a RADIUS authentication server
To use a CHAP account on an external RADIUS authentication server for iSCSI initiator authentication:
1. Set up the RADIUS server and CHAP accounts. See the prerequisites in Using RADIUS authentication and
accounting servers on
page 4-9.
Recommendation: The RAD
IUS server must be accessible to all the group members.
2. Click
Group, then Group Configuration, and then the iSCSI tab. The Group Configuration – iSCSI
window appears. See Table 8-2.
3. In the iSCSI Authentication panel, select
Enable RADIUS authentication for iSCSI initiators.
4. Optionally, select
Consult locally defined CHAP accounts first.