On 6/9/21 5:22 AM, Maurizio Lombardi wrote: > st 9. 6. 2021 v 1:14 odesílatel Roman Bolshakov <r.bolshakov@xxxxxxxxx> napsal: >> >> Hi Maurizio, >> >> It might still be useful to carry the meaning of "effective auth_type" >> in case of complex auth configuration. Otherwise there's no way to check >> what auth settings took effect for a particular session/I_T nexus. >> >> I think we should rather print auth_type value someplace in configfs >> than delete the field altogether. > > Ok I see what you mean. > > If acls are used, identifying the CHAP-protected sessions is > trivial... you just have > to look under configfs /tptg_1/acls/.../auth and tptg_1/acls/.../info > > If dynamic sessions are allowed and the tgt parameter AuthMethod is > "CHAP,None", > you could end up having some initiators using CHAP and some not... > AFAIK, in this case, there is currently no way to find out if a > particular session used CHAP or not. > > If it could really be useful to know that, then one possible solution > is to add this > information to the "dynamic_sessions" list in configfs, > but I'm not really sure this is acceptable because it could break the > user applications > that rely on this list. > > Another solution that comes to my mind is to create a new configfs > node "sessions_info" > that contains a list of all connected initiators, their iqns, > authentication method etc. > but if the list is too long it could be truncated (attribute's max > size is PAGE_SIZE). > > Or we could create a new configfs directory "sessions" and each > session would have it's own > entry there. I did that here if you guys want it: https://www.spinics.net/lists/linux-scsi/msg143621.html
