SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: IKE and iSCSI Authentication



    > I really did understand what it take to associate the iSCSI nitiator Name
    > with the UserID.  I said that an tight binding table was needed.  I also
    > said that you have to be sure that it is kept in sync with the
    > Installations User/Password Database/Directory.  You did not refute that,
    > just attempted to trivialize the relationship table that 
    > needs to be built.
    > 
    > We have never address this Table as part of iSCSI before, and it is
    > important that everyone understands this, and that we understand how it is
    > to be kept in sync with the installations User/Password Directory.  As
    part
    > of doing this, we need to really understand what directories prevent our
    > use of iSCSI Node Names, and which permit it.  We need to understand if it
    > is possible to have more then one UserID associated with a single iSCSI
    > Node Name, etc.
    
    John,
    
    The conventional name for this "Table" is an Access Control List (ACL).
    Between LUN masking/mapping and management products, this is already a
    familiar
    concept in storage systems.  If the number of targets is a concern, there
    are well-known ways to make ACLs scalable.  In practice, keeping ACLs in
    sync with the enterprise authentication system is not that difficult -
    only the userids appear in the ACLs, and hence they aren't changed when
    a password is changed because the password-related data is passed to an
    external server for verification.  Administration of userid changes can
    consume some time, but administrators of secure internal web sites seem
    to have mastered this.
    
    Thanks,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    


Home

Last updated: Tue Sep 04 01:03:49 2001
6315 messages in chronological order