CHAP Authentication

As the name implies, Challenge-Handshake Authentication Protocol (CHAP) uses a challenge-response mechanism to authenticate iSCSI initiators. A shared "secret," or password, let the system verify that the iSCSI initiator is who it claims to be and is authorized to access the volume.

Before you can use CHAP authentication, set up the CHAP secret on the volume and on the iSCSI initiator. CHAP secrets must be between 12 and 16 characters long. For the best security, the secret should be random letters and numbers, not a word that could be guessed. If your iSCSI initiator imposes further restrictions on the CHAP secret, you must adhere to these stricter regulations.

When creating a CHAP secret, adhere to the strictest regulations: 12-16 characters containing no spaces or the special characters ( ' " ` ). The CHAP user name should not contain characters such as : ~ ! @ # $ ^ & ( ) + [ ] {} * ; : ' " ., % | < > ? / \ = `.