Hi, Thank you for your response. > I think that malicious users can forge initiator names. How this > feature can be useful? I understand that initiator names can be changed easily so security of this feature might poor than IP authentication. But the case " malicious users can forge initiator names " can protect by combination with CHAP authentication and my idea is providing this feature in addition to IP authentication. I think the usage of this feature is same as IP authentication but there is only difference in the following usage. Usage : There is a server which has multiple NICs, user must check which IP is connected to targets and then register one IP to targets. If this feature is available, user just register an initiator name instead. Based on RFC 3721, I think initiator name is useful for this purpose. === An iSCSI Name is a location-independent, permanent identifier for an iSCSI node. An iSCSI node has one iSCSI name, which stays constant for the life of the node. The terms "initiator name" and "target name" also refer to an iSCSI name. === Background for this proposal is: - Above usage. - Many storage vendors use the feature, authentication by initiator name. I highly appreciate if you give me comments on this. Best Regards, Hisashi Osanai (from coleague's email) On Fri, 17 Jun 2011 01:28:22 +0900 FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx> wrote: > On Thu, 16 Jun 2011 15:10:09 +0900 > Shuko Yasumoto <yasumoto.shuko@xxxxxxxxxxxxxx> wrote: > > > Dear developers, > > > > # My colleague tried to send the following email several times > > # but it didn't work and he could't find out the reason so I send > > # this email on behalf of him (Hisashi Osanai). > > > > I would like to have the following command option "--initiator-name" > > in addition to the option "--initiator-address" to realize not show targets > > to initiators by initiators' names (iqn). > > > > --lld <driver> --mode target --op bind --tid <id> --initiator-address > > <address> [--initiator-name <name>] > > --lld <driver> --mode target --op unbind --tid <id> {--initiator-address > > <address> | --initiator-name <name>} > > > > What do you think the necessity of this function? > > I think that malicious users can forge initiator names. How this > feature can be useful? > -- > To unsubscribe from this list: send the line "unsubscribe stgt" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe stgt" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html