SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: ISCSI: User authentication vs. Machine Authentication for iSC SI



    
    Responding to John's comment below...
    
    >2) would be the case if jane helpful-programmer (or joe script-kiddy)
    >wrote a user-mode iSCSI initiator using sockets for whatever purpose.
    >
    >/*Huff**
    >This is one of the problems we must protect from. Since an OS (iSCSI
    >Initiator Node Name can be validated, we must make sure that the
    >Authorization approach prevents this from happening.  As I stated
    >above I can not believe that a user mode application (other then in
    >development) that had to add all its own PDU structures etc.
    >would be a valid application (especially since it could NOT use any
    >iSCSI offload HW that might be in place.)
    >So I believe we must consider such a potential application as
    >probably a rouge application and do nothing to help this, and work
    >to prevent it.
    >**Huff*/
    
    It isn't feasible nor desirable to protect against such a software
    implementation.  I can imagine non-performance related applications that
    might want such an interface.  However, there is also no way the OS should
    be responsible for passing its credentials to this application either.  If
    the pure user-space software implementation is processing iSCSI PDUs, then
    it will be performing login itself and must use its own iSCSI Initiator name
    and perform its own authentication procedures...
    
    Paul
    


Home

Last updated: Wed Sep 05 01:17:10 2001
6343 messages in chronological order