All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mike Christie <mchristi@redhat.com>
To: target-devel@vger.kernel.org
Subject: [PATCH 0/2] iscsi target: fix login negotiation
Date: Sun, 28 Apr 2019 04:17:18 +0000	[thread overview]
Message-ID: <20190428041720.9119-1-mchristi@redhat.com> (raw)

The following patches fix login negotiation when the user has disabled
authentication, and the initiator is presenting CHAP,None. The problem
is that the target initializes AuthMethod to CHAP (normal session) or
CHAP,None (discovery session), but when the user does authentication=0/
enforce_discovery_auth=0 we can end up setting AuthMethod to CHAP,None.
The user would then have not setup CHAP settings like userid/password
since they disabled it, so later the login will fail if the initiator
presents CHAP,None, because the target sees CHAP and tries to do that since
it had set CHAP,None when disabling auth but there are not valid values.

As an alternative to these patches we could also have the configfs file
update the AuthMethod when it is written to. For example when userid,
password, authentication, enforce_discovery_auth, etc are written to
we could update AuthMethod, but I was worried that userspace apps/users
could set these in funky orders like initializing the CHAP values then
setting authentication/enforce=0 and in that case we might end up not
using CHAP when we used to.

                 reply	other threads:[~2019-04-28  4:17 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190428041720.9119-1-mchristi@redhat.com \
    --to=mchristi@redhat.com \
    --cc=target-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.