Re: ISCSI: User authentication vs. Machine Authentication for iSCSI

> I believe this is the "iSCSI Name" (formerly WWUI).

I guess I was unclear. I consider the iSCSI name to BE the `user name' in this discussion. I was not suggesting that we introduce any additional identities. I was only suggesting it might be a mistake to slavishly equate identity with OS instance. I don't THINK we're in any risk of doing that. Somebody please shout if they think we are, or if they think we should be.

If a user process wants to initiate its own iSCSI connection to a target, there are two options:

1) the host OS gives the process ITS identity (& credentials)
2) the user process uses its own unique identity (obtained through some mechanism we're not describing or discussing, e.g. from the storage domain administrator).

1) would be the case if you were using SCSI passthru to an iSCSI driver. In this situation, it's still really the OS that's doing the interaction as a proxy for the user. The OS can ensure (or not) that its identity isn't being abused. The OS could also give its identity to a user-mode iSCSI sockets client through a securable interface. The OS should never completely freely give away its identity (e.g. to an untrusted user process), unless it doesn't care how it's used.

2) would be the case if jane helpful-programmer (or joe script-kiddy) wrote a user-mode iSCSI initiator using sockets for whatever purpose.

Perhaps I'm covering old ground that was already worked out at the interim meeting. If so, I apologize.

Steph
Last updated: Tue Sep 04 01:03:50 2001