From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:56502)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1R47ob-0008HZ-TQ
	for qemu-devel@nongnu.org; Thu, 15 Sep 2011 05:01:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1R47oa-00079L-Q9
	for qemu-devel@nongnu.org; Thu, 15 Sep 2011 05:01:01 -0400
Received: from mx1.redhat.com ([209.132.183.28]:13355)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1R47oa-00079H-Ej
	for qemu-devel@nongnu.org; Thu, 15 Sep 2011 05:01:00 -0400
Message-ID: <4E71BF69.204@redhat.com>
Date: Thu, 15 Sep 2011 11:03:37 +0200
From: Kevin Wolf <kwolf@redhat.com>
MIME-Version: 1.0
References: <1315628610-28222-1-git-send-email-ronniesahlberg@gmail.com>
	<1315628610-28222-2-git-send-email-ronniesahlberg@gmail.com>
	<20110912091408.GA3465@stefanha-thinkpad.localdomain>
	<20110914143608.GB12218@lst.de>
	<CAN05THQDtk-ZhO1LVjesM0mgcHBj7rG_Qz6GoNqc_5GW8KLy3g@mail.gmail.com>
In-Reply-To: <CAN05THQDtk-ZhO1LVjesM0mgcHBj7rG_Qz6GoNqc_5GW8KLy3g@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] This patch adds a new block driver : iSCSI
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: ronnie sahlberg <ronniesahlberg@gmail.com>
Cc: qemu-devel@nongnu.org, fujita.tomonori@lab.ntt.co.jp, Christoph Hellwig <hch@lst.de>, Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Am 15.09.2011 00:51, schrieb ronnie sahlberg:
> On Thu, Sep 15, 2011 at 12:36 AM, Christoph Hellwig <hch@lst.de> wrote:
> ...
>>>> +/*
>>>> + * We support iscsi url's on the form
>>>> + * iscsi://[<username>%<password>@]<host>[:<port>]/<targetname>/<lun>
>>>> + */
>>
>> Is having username + password on the command line really a that good idea?
>> Also what about the more complicated iSCSI authentification schemes?
> 
> In general it is a very bad idea. For local use on a private box it is
> convenient to be able to use "<username>%<password>@" syntax.
> For use on a shared box, libiscsi supports an alternative method too
> by setting the username and/or password via environment variables :
> LIBISCSI_CHAP_USERNAME=...  LIBISCSI_CHAP_PASSWORD=...

I wonder if we could make it look like an encrypted image. qemu already
has functionality to deal with passwords for block devices, so it seems
to make sense to reuse that for iscsi passwords.

Kevin