Re: Auth method negotiation

Hi

I am sorry for the typo but I cut and paste from the spec. In the spec on page 245 for example it says

If the initiator authentication is successful, the target proceeds:

T- Login (CSG,NSG=0,1 T=1)
I- Login (CSG,NSG=1,0 T=0)
... iSCSI parameters
T- Login (CSG,NSG=1,0 T=0)
... iSCSI parameters

I did a search and there are several other 1,0 transitions in the spec.

Anyway what I meant was what Bill interpreted it to be which was

Login (CSG,NSG=0,1 T=1)
InitiatorName=iqn.1999-07.com.os.hostid.77
TargetName=iqn.1999-07.com.acme.diskarray.sn.88
AuthMethod=KRB5,SRP,CHAP,None

and the target replying

T- Login-PR (CSG,NSG=0,1 T=1)
AuthMethod=CHAP

and then my other questions hopefully make more sense.

Thanks
Chirag

At 01:14 PM 6/21/02, Bill Studenmund wrote:
>On Fri, 21 Jun 2002, Chirag Wighe wrote:
>
> > Hi
> >
> > In section 10.4 in Draft v13 it says
> > "The AuthMethod selection is followed by an "authentication exchange"
> > specific to the authentication method selected. "
> > Should the "is" be replaced by a "MUST" for any AuthMethod selection other
> > than "None"?
>
>Probably, though we could eliminate the "None" bit as there is no
>authentication exchange for "None."
>
> > As an example closely related to one in the Appendix.
> > If the login begins as
> >
> > I- Login (CSG,NSG=0,1 T=1)
> > InitiatorName=iqn.1999-07.com.os.hostid.77
> > TargetName=iqn.1999-07.com.acme.diskarray.sn.88
> > AuthMethod=KRB5,SRP,CHAP,None
> >
> > And the target chooses CHAP.
> > One question that I have is whether choosing CHAP implies the statement in
> > section 4.3
> > "Targets MUST NOT submit parameters that require an additional initiator
> > login request in a login response with the T bit set to 1."
> > So if the target chooses CHAP, does it imply that it expects a CHAP_A
> > response and is not permitted to set the T bit to one even if the target is
> > not interested in authenticating the initiator.
> > So is the following reply illegal?
> > T- Login-PR (CSG,NSG=1,0 T=1)
> > AuthMethod=CHAP
>
>Note: you had CSG=0 in the request, but you had CSG=1 in the reply. Yes,
>it's illegal. :-)
>
> > If the above is not illegal, then if the initiator is also not interested
> > in authenticating the target, can the initiator transition to the next
> > stage.
>
>I'm not sure, but I think so. If the response were CSG,NSG=0,1, then I
>think that's fine. Note that the initiator set the T bit, indicating it
>isn't interested in the target authenticating itself. If the target also
>doesn't care about authentication, then the target knows they both don't
>want to authenticate. Thus it's safe to transition.
>
> > I realize that the above problem might only be a syntactic one as the
> > proper ordering of Auth Methods in the requests sent by the initiator not
> > interested in Authentication would be for None to precede other options and
> > the target will then choose None if it is also not interested in
> > authentication either.
>
>Hmmm...
>
>I'm not sure. What does everyone else think? If the T bits indicate that
>both sides are fine with skipping authentication, does AuthMethods matter?
>
>Take care,
>
>Bill
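Added example, not part of the original messages or of any iSCSI implementation: a small checker that parses the login shorthand used in this thread and evaluates a target reply against the request. The CSG mismatch is an error, as stated in the thread; a reply that sets T=1 while selecting a method other than None is only reported as a warning, because the thread leaves that question open. The function names and result labels are assumptions made for this example.

```python
import re

# Header shorthand used in the thread, e.g. "T- Login-PR (CSG,NSG=0,1 T=1)".
HEADER = re.compile(r"^([IT])-\s+Login(?:-PR)?\s+\(CSG,NSG=(\d),(\d)\s+T=([01])\)$")

# The three PDUs below are copied from the messages above.
REQUEST = """I- Login (CSG,NSG=0,1 T=1)
InitiatorName=iqn.1999-07.com.os.hostid.77
TargetName=iqn.1999-07.com.acme.diskarray.sn.88
AuthMethod=KRB5,SRP,CHAP,None"""
REPLY_AS_FIRST_POSTED = """T- Login-PR (CSG,NSG=1,0 T=1)
AuthMethod=CHAP"""
REPLY_AS_INTENDED = """T- Login-PR (CSG,NSG=0,1 T=1)
AuthMethod=CHAP"""

def parse_pdu(text):
    """Parse one PDU: a header line followed by key=value lines."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    m = HEADER.match(lines[0])
    if not m:
        raise ValueError("unrecognised login header: " + lines[0])
    keys = dict(ln.split("=", 1) for ln in lines[1:] if "=" in ln)
    return {"side": m.group(1), "csg": int(m.group(2)),
            "nsg": int(m.group(3)), "t": int(m.group(4)), "keys": keys}

def check_reply(request_text, reply_text):
    """Return (errors, warnings) for a target reply to an initiator request."""
    req, rsp = parse_pdu(request_text), parse_pdu(reply_text)
    errors, warnings = [], []
    # The reply must be in the same stage as the request (the CSG=0 vs CSG=1 point).
    if rsp["csg"] != req["csg"]:
        errors.append("csg-mismatch")
    # The target may only select a method the initiator offered.
    offered = req["keys"].get("AuthMethod", "").split(",")
    chosen = rsp["keys"].get("AuthMethod")
    if chosen is not None and chosen not in offered:
        errors.append("authmethod-not-offered")
    # Open question in the thread: leaving the stage (T=1) after selecting a
    # method that has its own authentication exchange. Flag it for review.
    if rsp["t"] == 1 and chosen not in (None, "None"):
        warnings.append("transition-without-auth-exchange")
    return errors, warnings

if __name__ == "__main__":
    for reply in (REPLY_AS_FIRST_POSTED, REPLY_AS_INTENDED):
        print(check_reply(REQUEST, reply))
```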
Last updated: Sat Jun 22 15:18:47 2002