Appendix O Chap Authentication; General; Constraints On Secrets; Description Of Operation Modes - NEC Storage M100 Series User Manual

Appendix O CHAP Authentication

Challenge Handshake Authentication Protocol (CHAP) is an authentication method. This appendix describes
the CHAP authentication and its settings.
O.1 General
A random text string called a "challenge" is sent from the server to the client, and the client uses it as
the basis for encrypting its own "Secret" (password), which it returns. Because the server has the
client's Secret (password), it performs the same encryption and compares the result to the encrypted
code returned from the client to enable authentication of users.
O.2 Constraints on Secrets
 Although this device enables use of 12- to 32-character string lengths, typically Initiator restricts the
CHAP Secrets to 16-character (128-bit) strings. (As of February 2009)
 Do not set the same values to the Initiator CHAP Secret and the target CHAP Secret that are used
for bidirectional CHAP authentication.
O.3 Description of Operation Modes
1. CHAP authentication for Initiator
Only authentication of the application server (Initiator) from the disk array unit (iSCSI target) is
performed.
Only target CHAP Secret is set.
2. Bidirectional CHAP authentication
Authentication is performed mutually for the disk array unit (iSCSI target) and the application server
(Initiator). Both a target CHAP Secret and an Initiator CHAP Secret are set.
O.4 CHAP Username Setting
1. Set the target name (when it can be set) as the CHAP username (target side).
2. Unless otherwise specified, set the Initiator name as the CHAP username (Initiator side).
(If using another name, maximum length is 256 characters.)
Release 6.0
Microsoft iSCSI Software Initiator refers to this as "Mutual CHAP".
443