On Fri, 2013-09-13 at 16:23 +0100, Benjamin ESTRABAUD wrote: > Hi! > > After some search on google, it would appear that LIO doesn't support a > "per initiator (IQN) target discovery" feature like IET did with the > initiators.allow file (although it did more than just "hiding" targets > to initiators, it also refused connection from a particular initiator). > > I am right with this assertion? No. By default (eg: when generate_node_acls=0) all initiators are denied access to individual TargetName+TargetPortalGroupTag endpoints until an explicit NodeACL based on InitiatorName is added by the target administrator. So while when discovery authentication is disabled, any initiator can obtain the list of targets through sendtargets discovery, but default, they are *not* allowed to login to any target endpoint without an explicit NodeACL, nor without per NodeACL CHAP authentication credentials. --nab -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
