Ulrich Windl wrote: > On 29 Apr 2009 at 11:25, Mike Christie wrote: > >> Ulrich Windl wrote: >>> On 28 Apr 2009 at 7:10, HIMANSHU wrote: >>> >>>> One more question analogues to this. >>>> >>>> Suppose I login to 1st target from machine 30.12,it was having node >>>> authentication.so I saved its credentials in iscsid.conf and then I >>>> fired the discovery command followed by login command.It was >>>> successful and those credentials also got stored in nodes and >>>> send_targets. >>>> >>>> Then if I want to login to 2nd target which is also having node >>>> authentication from same machine,I am overwriting same iscsid.conf >>>> file.So I am loosing my previous credentials from iscsid.conf.Also >>>> after discovery,I am loosing previous target information from nodes >>>> and send_targets. >>> Hi, >>> >>> I'm no expert, but I think the credentials are stored per node/target in >>> the >>> "iSCSI database" (like /etc/iscsi/send_targets/* and /etc/iscsi/nodes/*/*). >> Yeah, that is correct. When you run the discovery command or manual >> addition command, iscsiadm will read iscsid.conf and use those for the >> initial defaults for what gets created in those dirs. You can then >> change what is in those dirs using iscsiadm -m node -o update.... >> >>> /etc/iscsi.conf just has the defaults. Probably it would be better to never >>> touch >>> the iscsid.conf, but provide auth information when discovering targets or >>> loggin >>> in to nodes/targets. However then the "secrets" would be on the command >>> line (and >>> process list, etc). >>> >> I was thinking he has a issue where one target needs one set of CHAP >> values for the discovery session, then they need another set of CHAP >> values for another discovery session to another target. For this type of >> setup, you have to edit iscsid.conf, run iscsiadm -m discovery ..., then >> edit iscsid.conf again and then run iscsiadm -m discovery ... to the >> other target. > > Hi, > > That sounds like a workaround for some design deficit. Why not have a more > flexible approach like ~/.netrc (a file that stores authentication > information for > several systems, keeping secrets away from the command line and the process > list). > I mean an option for discovery like > "--credentials-file=~/iscsi-credentials-for- > ...". You get the idea? >
Could you just put it in the iscsid.conf file with the other discovery settings? Instead of the single discovery address settings, you can specific specific discovery addresses? Someone just has to implement it. Put it on my TODO :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to open-iscsi@googlegroups.com To unsubscribe from this group, send email to open-iscsi+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/open-iscsi -~----------~----~----~----~------~----~------~--~---
