Host authentication
Host authentication allows user to configure host authentication mode for iSCSI hosts.
The iSCSI host authentication mode determines which hashing algorithms are used during iSCSI CHAP authentication.
Two authentication modes are supported:
- Disabled (Default)
- The default iSCSI host authentication mode imposes no restrictions on the hashing algorithms used. It allows MD5, SHA1, SHA256, and SHA3-256.
- Enabled
- When enabled, this mode restricts the use of weaker hashing algorithms. Only stronger
algorithms, such as SHA256 and SHA3-256, are permitted, while MD5 and SHA1 are disallowed.Note: If you are using the system as iSCSI backend, then enabling FIPs mode is not a supported configuration on iSCSI backend system.
Prerequisites
Ensure that the following prerequisite tasks are completed on the system before you configure
host authentication:
- For enabling this mode, ensure that all active iSCSI sessions are logged out. For details on active sessions, use the svcinfo lshostiplogin command.
- Once enabled, all previously logged-out sessions that use weaker algorithms must update their hashing algorithm and undergo rediscovery.
Using the management GUI
To configure host authentication, complete these steps:
- In the management GUI, select .
- Select Enabled and then click Save.