46 Intel Storage System SSR212PP User Guide
Revision 1.0
PRELIMINARY
What is CHAP?
Challenge Handshake Authentication Protocol (CHAP) is an optional iSCSI
authentication method where the target authenticates iSCSI initiators. CHAP consists of
initiator CHAP and mutual CHAP, depending on which way the authentication occurs. For
initiator CHAP, the target authenticates the initiator. Mutual CHAP can be configured in
addition to initiator CHAP. For mutual CHAP, the initiator authenticates the target.
Initiator CHAP
To establish a connection and gain access to storage in an initiator CHAP configuration,
the initiator must present a username and secret to the iSCSI target. The storage system
compares the username and secret with a database of CHAP user accounts to authenticate
the initiator.
To set up initiator CHAP authentication, you enter the username and secret on the target,
then configure each initiator to use that username and secret.
Mutual CHAP
In a mutual CHAP configuration, both the target and the initiator authenticate each other.
In addition to setting up initiator CHAP, you can configure the initiator with a username
and secret that the target must present to establish a connection. You must also configure
the target to present this username and secret to initiators.
If you are planning to set up optional CHAP authentication security on the storage system,
prepare the following storage system CHAP security worksheets for initiator CHAP and
mutual CHAP.