RE: ISCSI: User authentication vs. Machine Authentication for iSC SI

["CONGDON,PAUL (HP-Roseville,ex1)" <paul_congdon@hp.com>]

Responding to John's comment below...

>2) would be the case if jane helpful-programmer (or joe script-kiddy)
>wrote a user-mode iSCSI initiator using sockets for whatever purpose.
>
>/*Huff**
>This is one of the problems we must protect from. Since an OS (iSCSI
>Initiator Node Name can be validated, we must make sure that the
>Authorization approach prevents this from happening.  As I stated
>above I can not believe that a user mode application (other then in
>development) that had to add all its own PDU structures etc.
>would be a valid application (especially since it could NOT use any
>iSCSI offload HW that might be in place.)
>So I believe we must consider such a potential application as
>probably a rouge application and do nothing to help this, and work
>to prevent it.
>**Huff*/

It isn't feasible nor desirable to protect against such a software
implementation.  I can imagine non-performance related applications that
might want such an interface.  However, there is also no way the OS should
be responsible for passing its credentials to this application either.  If
the pure user-space software implementation is processing iSCSI PDUs, then
it will be performing login itself and must use its own iSCSI Initiator name
and perform its own authentication procedures...

Paul