|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: ISCSI: User authentication vs. Machine Authentication for iSC SIResponding to John's comment below... >2) would be the case if jane helpful-programmer (or joe script-kiddy) >wrote a user-mode iSCSI initiator using sockets for whatever purpose. > >/*Huff** >This is one of the problems we must protect from. Since an OS (iSCSI >Initiator Node Name can be validated, we must make sure that the >Authorization approach prevents this from happening. As I stated >above I can not believe that a user mode application (other then in >development) that had to add all its own PDU structures etc. >would be a valid application (especially since it could NOT use any >iSCSI offload HW that might be in place.) >So I believe we must consider such a potential application as >probably a rouge application and do nothing to help this, and work >to prevent it. >**Huff*/ It isn't feasible nor desirable to protect against such a software implementation. I can imagine non-performance related applications that might want such an interface. However, there is also no way the OS should be responsible for passing its credentials to this application either. If the pure user-space software implementation is processing iSCSI PDUs, then it will be performing login itself and must use its own iSCSI Initiator name and perform its own authentication procedures... Paul
Home Last updated: Wed Sep 05 01:17:10 2001 6343 messages in chronological order |