What is CHAP?
Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI authentication method where the target authenticates iSCSI initiators. CHAP consists of initiator CHAP and mutual CHAP, depending on which way the authentication occurs. For initiator CHAP, the target authenticates the initiator. Mutual CHAP can be configured in addition to initiator CHAP. For mutual CHAP, the initiator authenticates the target.
Initiator CHAP
To establish a connection and gain access to storage in an initiator CHAP configuration, the initiator must present a username and secret to the iSCSI target. The storage system compares the username and secret with a database of CHAP user accounts to authenticate the initiator.
To set up initiator CHAP authentication, you enter the username and secret on the target, then configure each initiator to use that username and secret.
Mutual CHAP
In a mutual CHAP configuration, both the target and the initiator authenticate each other. In addition to setting up initiator CHAP, you can configure the initiator with a username and secret that the target must present to establish a connection. You must also configure the target to present this username and secret to initiators.
If you are planning to set up optional CHAP authentication security on the storage system, prepare the following storage system CHAP security worksheets for initiator CHAP and mutual CHAP.
46 | Intel Storage System SSR212PP User Guide |
| Revision 1.0 |