Hi Ronnie, On Wed, 2010-03-03 at 08:21 +1100, ronnie sahlberg wrote: > On Wed, Mar 3, 2010 at 8:12 AM, Chandra Seetharaman <sekharan@xxxxxxxxxx> wrote: > > > > > > On Tue, 2010-03-02 at 21:50 +0100, Tomasz Chmielewski wrote: > >> On 02.03.2010 01:35, Chandra Seetharaman wrote: > >> > Looks like it will lead to confusion if we allow the account to be > >> > defined at the target level. > >> > > >> > May be we should define the account (account name and password) at the > >> > global level and have just the "association" at the target level, what > >> > do you think ? > >> > >> Any recommendations for targets.conf format? > >> > > > > At the global level, we could have > > > > user accountname1 password1 > > user accountname2 password2 > > : > > : > > : > > and under target, > > > > incominguser accountname1 > > outgoinguser accountname2 > > > > With the recent addition of discovery chap authentication, we need to > > also add a "global-incominguser" and "global-outgoinguser", like > > > > global-incominguser accountname1 > > global-outgoinguser accountname2 > > > > What do you think ? Comments anybody ? > > > > May be it should be discovery-incominguser instead of > > global-incominguser ? > > Is it useful to have / allow different users for authentication for > discovery vs normal login? > open-iscsi has an option to provide both differently. But, I haven't seen any requirement in the RFC. > If it is not, maybe keep incominguser/outgoinguser and have it apply > to both logins > and then add a new > > discovery-authentication = no|required > > to control if discovery sessions need authentication or not. > We could do that. But, the target username and password comes into picture _only_ after the initiator finds out what targets are present. In order for the initiator to get the list of targets, initiator need to provide the discovery password. If one has multiple targets with different users (i.e target1 has user1 and target2 has user2 etc.,), then there will be a problem about which target's user to be used with discovery. So, we will need a interface that provides a single global user for discovery and different users for each targets. Note that same user can be used between targets and for discovery(i.e One can specify user user1 as incoming user for target1, target2 and discovery). > > > > > Thanks, > > > > chandra > > > > > >> > > > > -- > > To unsubscribe from this list: send the line "unsubscribe stgt" in > > the body of a message to majordomo@xxxxxxxxxxxxxxx > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > -- > To unsubscribe from this list: send the line "unsubscribe stgt" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe stgt" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html