|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] does iSCSI support CHAP challenges at random intervals?The CHAP RFC (RFC 1994) allows the authenticator to send a new challenge to the peer at random intervals. I don't see any mention of this in the IPS Security document or the iSCSI Draft. In the iSCSI Draft, the CHAP keys are discussed in section 10 with regard to the Security Stage of Login, but are not mentioned in full feature phase. As far as iSCSI is concerned, is CHAP authentication a one-time occurance during login, or are new challenges also allowed/expected at random intervals during the life of the connection? If re-authentication is allowed, then an example would be helpful in the text (target initiates authentication via async msg requesting parameter negotiation, then issues CHAP_I CHAP_C challenge in response to empty text request pdu; or initiator initiates authentication via text request containing CHAP_A key, etc...). If it is not allowed, perhaps we should explicitly state this in the iSCSI draft and/or IPS Security document, since it is a difference between iSCSI usage of CHAP and that allo wed by the RFC. thanks, Dean Scoville QLogic
Home Last updated: Wed Aug 28 14:18:58 2002 11705 messages in chronological order |