StarWind enables global and individual access CHAP restrictions to targets.
Challenge Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity.
CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge value. CHAP requires that both the client and server know the plain text of the secret, although it is never sent over the network.
Note: For more information about CHAP visit http://technet.microsoft.com/en-us/library/cc957983.aspx
Note: Technical paper about CHAP configuration is available here: https://www.starwindsoftware.com/resource-library/starwind-virtual-san-challenge-handshake-authentication-protocol-chap/
To set the global permissions:
1. Select one of the hosts in the Console tree.
2. Click the CHAP Permissions tab.
3. Right-click the main tab area and select Add Permission from the shortcut menu.
4. In the New Permission Item window, specify the required settings:
- Target CHAP name – the name used by CHAP for initiator authentication.
- Target secret – the secret that is used by CHAP for initiator authentication.
- Initiator CHAP name – the name for the CHAP mutual authentication.
- Initiator secret – the secret for the CHAP mutual authentication.
5. To enable mutual authentication, select the Mutual CHAP authentication checkbox.
6. Please note that partner authentication settings must be configured on devices, located on the partner node.
To set the individual target permissions:
1. Select the required target in the Console tree.
2. Click Add Permission in the CHAP Permissions area.
3. In the New Permission Item window, specify the required settings:
- Target CHAP name – the name used by CHAP for initiator authentication.
- Target secret – the secret that is used by CHAP for initiator authentication.
- Initiator CHAP name – the name for the CHAP mutual authentication.
- Initiator secret – the secret for the CHAP mutual authentication.
4. To enable mutual authentication, select the Mutual CHAP authentication checkbox.
5. Please note that partner authentication settings must be configured on devices, located on the partner node.