SCF changes for iSCSI Target PSARC/2007/414 FastTrack [restart]
Bill Sommerfeld
sommerfeld at sun.com
Wed Sep 12 16:06:06 PDT 2007
in scf_schema, we find:
> chap_secrets
> target_chap SCF_TYPE_USTRING
> initiator_chap SCF_TYPE_USTRING
> radius_chap SCF_TYPE_USTRING
> value_authorization SCF_TYPE_ASTRING
> read_authorization SCF_TYPE_ASTRING
vs.
> The chap_secret pgroup contains chap secrets for target, initiators
> and radius server.
vs. (in a later example):
chap_secret
iscsitgt fasfre4j4j49h33232fhffaieiei
initiator_s6r fasfre4j4j49h33232fhffaieiei
radius-secret 94jnfjsleoo445
value_authorization solaris.smf.value.iscsitgt
read_authorization solaris.smf.read.iscsitgt
Is it "chap_secret" or "chap_secrets" ?
It appears that rather than the property names being literally
"target_chap" and "initiator_chap", the properties are actually given
the name of the initiator and target property groups, and there could be
many such attributes in the property group?
What prevents the creation of a target or initiator named
"read_authorization"?
what, if anything prevents a name collision between an initiator and a
target?
also, what measures are taken to conform to the requirements of 2007/177
in terms of additional protection or obfuscation of properties?
> The chap secret is default to NULL.
But there are multiple chap secrets created with dynamic names?
- Bill
More information about the opensolaris-arc
mailing list