Tomo, Please find attach a patch to the tgtadm manpage that adds a section on how to set up CHAP authentication for initiators. regards ronnie sahlberg
Attachment:
0001-Add-chap-documentation.patch.gz
Description: GNU Zip compressed data
From e5d2640e47431e6e1c7985b501e6f2413c242c05 Mon Sep 17 00:00:00 2001
From: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Sat, 19 Feb 2011 19:22:33 +1100
Subject: [PATCH] Add chap documentation
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx>
---
doc/htmlpages/tgtadm.8.html | 69 ++++++++++++++++++++++++++++++++++++++-----
doc/manpages/tgtadm.8 | 59 +++++++++++++++++++++++++++++++++++-
doc/tgtadm.8.xml | 51 +++++++++++++++++++++++++++++++
3 files changed, 169 insertions(+), 10 deletions(-)
diff --git a/doc/htmlpages/tgtadm.8.html b/doc/htmlpages/tgtadm.8.html
index f945079..b8dcce2 100644
--- a/doc/htmlpages/tgtadm.8.html
+++ b/doc/htmlpages/tgtadm.8.html
@@ -1,7 +1,7 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>tgtadm</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="tgtadm"><a name="tgtadm.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>tgtadm — Linux SCSI Target Administration Utility</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">tgtadm [OPTIONS]...</code> [-C --control-port <port>] [-L --lld <driver>] [-o --op <operation>] [-m --mode <mode>] [-t --tid <id>] [-T --targetname <targetname>] [-Y --device-type <type>] [-l --lun <lun>] [-b --backing-store <path>] [-E --bstype <type>] [-I --initiator-address <address>] [-n --name <parameter>] [-v --value <value>] [-P --params <param=value[,param=value...]>] [-h --help]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id415940"></a><h2>DESCRIPTION</h2><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>tgtadm</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="tgtadm"><a name="tgtadm.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>tgtadm — Linux SCSI Target Administration Utility</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">tgtadm [OPTIONS]...</code> [-C --control-port <port>] [-L --lld <driver>] [-o --op <operation>] [-m --mode <mode>] [-t --tid <id>] [-T --targetname <targetname>] [-Y --device-type <type>] [-l --lun <lun>] [-b --backing-store <path>] [-E --bstype <type>] [-I --initiator-address <address>] [-n --name <parameter>] [-v --value <value>] [-P --params <param=value[,param=value...]>] [-h --help]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id355729"></a><h2>DESCRIPTION</h2><p>
tgtadm is used to monitor and modify everything about Linux SCSI target
software: targets, volumes, etc.
- </p></div><div class="refsect1" title="OPTIONS"><a name="id415951"></a><h2>OPTIONS</h2><div class="variablelist"><pre class="screen">
+ </p></div><div class="refsect1" title="OPTIONS"><a name="id355740"></a><h2>OPTIONS</h2><div class="variablelist"><pre class="screen">
Possible device-types are:
disk : emulate a disk device
tape : emulate a tape reader
@@ -54,7 +54,7 @@ Possible backend types are:
Sets/changes the value of one or more parameters.
</p></dd><dt><span class="term"><code class="option">--help</code></span></dt><dd><p>
Display a list of available options and exits.
- </p></dd></dl></div></div><div class="refsect1" title="LUN PARAMETERS"><a name="id416196"></a><h2>LUN PARAMETERS</h2><p>
+ </p></dd></dl></div></div><div class="refsect1" title="LUN PARAMETERS"><a name="id355985"></a><h2>LUN PARAMETERS</h2><p>
These parameters are only applicable for "--mode logicalunit".
</p><div class="variablelist"><pre class="screen">
Example:
@@ -128,7 +128,7 @@ tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 \
refuse any attempts to write data to it.
</p><p>
This parameter only applies to DISK devices.
- </p></dd></dl></div></div><div class="refsect1" title="SMC SPECIFIC LUN PARAMETERS"><a name="id416369"></a><h2>SMC SPECIFIC LUN PARAMETERS</h2><p>
+ </p></dd></dl></div></div><div class="refsect1" title="SMC SPECIFIC LUN PARAMETERS"><a name="id356158"></a><h2>SMC SPECIFIC LUN PARAMETERS</h2><p>
These parameters are only applicable for luns that are of type "changer"
i.e. the media changer device for a DVD Jukebox or a Virtual Tape Library.
</p><div class="variablelist"><pre class="screen">
@@ -213,7 +213,7 @@ Slot types:
To assign a media image file to a storage element slot,
you assign "barcode" to be the name of the image file in
the "media_home" directory.
- </p></dd></dl></div></div><div class="refsect1" title="Passthrough devices"><a name="id416529"></a><h2>Passthrough devices</h2><p>
+ </p></dd></dl></div></div><div class="refsect1" title="Passthrough devices"><a name="id356318"></a><h2>Passthrough devices</h2><p>
In addition to device emulation TGTD also supports utilizing existing SG devices on the host and exporting these through a special passthrough device type.
</p><dt><span class="term"><code class="option">--bstype=sg</code></span></dt><dd><p>
This specifies that an SG devices is used.
@@ -226,7 +226,60 @@ Example:
Make /dev/sg4 available to initiators connecting to TGTD.
tgtadm --lld iscsi --op new --mode logicalunit --tid 1 --lun 1 --bstype=sg --device-type=pt --backing-store=/dev/sg4
- </pre></div><div class="refsect1" title="iSNS PARAMETERS"><a name="id416588"></a><h2>iSNS PARAMETERS</h2><p>
+ </pre></div><div class="refsect1" title="Header Digest and Data Digest"><a name="id356377"></a><h2>Header Digest and Data Digest</h2><p>
+ Header and data digests can be set on a per target parameter.
+ TGTD supports two modes, None and CRC32C.
+ When the digest is set to None, TDTD will negotiate that digests
+ will not be used, and when CRC32C is set, TGTD will force the
+ connection to use digest.
+ </p><div class="refsect2" title="Viewing the current settings"><a name="id356387"></a><h3>Viewing the current settings</h3><p>
+ This command is used to view the current settings for header/data
+ digest.
+ </p><pre class="screen">
+tgtadm --op show --mode target --tid 1
+ ...
+ HeaderDigest=None
+ DataDigest=None
+ ...
+ </pre></div><div class="refsect2" title="Setting digest"><a name="id356403"></a><h3>Setting digest</h3><pre class="screen">
+Set header digest to CRC32C:
+tgtadm --op update --mode target --tid 1 -n HeaderDigest -v CRC32C
+
+Set data digest to None:
+tgtadm --op update --mode target --tid 1 -n DataDigest -v None
+ </pre></div></div><div class="refsect1" title="CHAP Authentication"><a name="id356417"></a><h2>CHAP Authentication</h2><p>
+ CHAP authentication is supported to require authentication before
+ an initiator is allowed to log in and access devices.
+ TGTD supports setting CHAP for normal log in sessions only, not
+ for discovery sessions. Discovery sessions are always possible
+ without authentication.
+ </p><p>
+ CHAP authentication is set on the target level.
+ To set up CHAP authentication we first need to create an account
+ and its associated password, then we bind the account to one or more
+ targets.
+ </p><div class="refsect2" title="Setting CHAP on a target"><a name="id356433"></a><h3>Setting CHAP on a target</h3><p>
+ These two commands create a user account and binds it to target 1.
+ </p><pre class="screen">
+tgtadm --lld iscsi --op new --mode account --user ronnie --password password
+tgtadm --lld iscsi --op bind --mode account --tid 1 --user ronnie
+ </pre></div><div class="refsect2" title="List all accounts"><a name="id356449"></a><h3>List all accounts</h3><p>
+ This command is used to list all accounts that have been created.
+ </p><pre class="screen">
+tgtadm --lld iscsi --op show --mode account
+Account list:
+ ronnie
+ </pre></div><div class="refsect2" title="Show if a target requires authentication"><a name="id356465"></a><h3>Show if a target requires authentication</h3><p>
+ When listing the targets, each target that has authantication enabled
+ will contain a listing of all accoutns bound to that target.
+ </p><pre class="screen">
+tgtadm --lld iscsi --op show --mode target
+Target 1: iqn.ronnie.test
+...
+Account information:
+ ronnie
+...
+ </pre></div></div><div class="refsect1" title="iSNS PARAMETERS"><a name="id356483"></a><h2>iSNS PARAMETERS</h2><p>
iSNS configuration for a target is by using the tgtadm command.
</p><div class="variablelist"><pre class="screen">
Example:
@@ -253,9 +306,9 @@ tgtadm --op update --mode sys --name iSNSAccessControl --value Off
This setting specifies the port to use for iSNS.
</p></dd><dt><span class="term"><code class="option">iSNSAccessControl</code></span></dt><dd><p>
Enable/disable access control for iSNS.
- </p></dd></dl></div></div><div class="refsect1" title="SEE ALSO"><a name="id416681"></a><h2>SEE ALSO</h2><p>
+ </p></dd></dl></div></div><div class="refsect1" title="SEE ALSO"><a name="id356576"></a><h2>SEE ALSO</h2><p>
tgtd(8), tgt-admin(8), tgtimg(8), tgt-setup-lun(8).
<a class="ulink" href="http://stgt.sourceforge.net/"; target="_top">http://stgt.sourceforge.net/</a>
- </p></div><div class="refsect1" title="REPORTING BUGS"><a name="id416695"></a><h2>REPORTING BUGS</h2><p>
+ </p></div><div class="refsect1" title="REPORTING BUGS"><a name="id356590"></a><h2>REPORTING BUGS</h2><p>
Report bugs to <stgt@xxxxxxxxxxxxxxx>
</p></div></div></body></html>
diff --git a/doc/manpages/tgtadm.8 b/doc/manpages/tgtadm.8
index cbf8f11..080ca66 100644
--- a/doc/manpages/tgtadm.8
+++ b/doc/manpages/tgtadm.8
@@ -2,12 +2,12 @@
.\" Title: tgtadm
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\" Date: 12/14/2010
+.\" Date: 02/19/2011
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "TGTADM" "8" "12/14/2010" "[FIXME: source]" "[FIXME: manual]"
+.TH "TGTADM" "8" "02/19/2011" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -442,6 +442,61 @@ tgtadm \-\-op update \-\-mode target \-\-tid 1 \-n DataDigest \-v None
.if n \{\
.RE
.\}
+.SH "CHAP AUTHENTICATION"
+.PP
+CHAP authentication is supported to require authentication before an initiator is allowed to log in and access devices\&. TGTD supports setting CHAP for normal log in sessions only, not for discovery sessions\&. Discovery sessions are always possible without authentication\&.
+.PP
+CHAP authentication is set on the target level\&. To set up CHAP authentication we first need to create an account and its associated password, then we bind the account to one or more targets\&.
+.SS "Setting CHAP on a target"
+.PP
+These two commands create a user account and binds it to target 1\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+tgtadm \-\-lld iscsi \-\-op new \-\-mode account \-\-user ronnie \-\-password password
+tgtadm \-\-lld iscsi \-\-op bind \-\-mode account \-\-tid 1 \-\-user ronnie
+
+.fi
+.if n \{\
+.RE
+.\}
+.SS "List all accounts"
+.PP
+This command is used to list all accounts that have been created\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+tgtadm \-\-lld iscsi \-\-op show \-\-mode account
+Account list:
+ ronnie
+
+.fi
+.if n \{\
+.RE
+.\}
+.SS "Show if a target requires authentication"
+.PP
+When listing the targets, each target that has authantication enabled will contain a listing of all accoutns bound to that target\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+tgtadm \-\-lld iscsi \-\-op show \-\-mode target
+Target 1: iqn\&.ronnie\&.test
+\&.\&.\&.
+Account information:
+ ronnie
+\&.\&.\&.
+
+.fi
+.if n \{\
+.RE
+.\}
.SH "ISNS PARAMETERS"
.PP
iSNS configuration for a target is by using the tgtadm command\&.
diff --git a/doc/tgtadm.8.xml b/doc/tgtadm.8.xml
index 455310f..421f638 100644
--- a/doc/tgtadm.8.xml
+++ b/doc/tgtadm.8.xml
@@ -531,6 +531,57 @@ tgtadm --op update --mode target --tid 1 -n DataDigest -v None
</refsect1>
+ <refsect1><title>CHAP Authentication</title>
+ <para>
+ CHAP authentication is supported to require authentication before
+ an initiator is allowed to log in and access devices.
+ TGTD supports setting CHAP for normal log in sessions only, not
+ for discovery sessions. Discovery sessions are always possible
+ without authentication.
+ </para>
+ <para>
+ CHAP authentication is set on the target level.
+ To set up CHAP authentication we first need to create an account
+ and its associated password, then we bind the account to one or more
+ targets.
+ </para>
+
+ <refsect2><title>Setting CHAP on a target</title>
+ <para>
+ These two commands create a user account and binds it to target 1.
+ </para>
+ <screen format="linespecific">
+tgtadm --lld iscsi --op new --mode account --user ronnie --password password
+tgtadm --lld iscsi --op bind --mode account --tid 1 --user ronnie
+ </screen>
+ </refsect2>
+
+ <refsect2><title>List all accounts</title>
+ <para>
+ This command is used to list all accounts that have been created.
+ </para>
+ <screen format="linespecific">
+tgtadm --lld iscsi --op show --mode account
+Account list:
+ ronnie
+ </screen>
+ </refsect2>
+
+ <refsect2><title>Show if a target requires authentication</title>
+ <para>
+ When listing the targets, each target that has authantication enabled
+ will contain a listing of all accoutns bound to that target.
+ </para>
+ <screen format="linespecific">
+tgtadm --lld iscsi --op show --mode target
+Target 1: iqn.ronnie.test
+...
+Account information:
+ ronnie
+...
+ </screen>
+ </refsect2>
+ </refsect1>
<refsect1><title>iSNS PARAMETERS</title>
--
1.7.3.1
