Re: no DHCP-assigned InitiatorName

Michael Howard <michael.howard@xxxxxxxxxxx> · 09/22/2008 09:19

Julian Satran wrote:

> Michael - I am not sure what you are looking for? A standard parameter

> as those described by the iBOOT RFC?

Yes, I am looking for a specific DHCP parameter that defines what 

InitiatorName is to be used by the iSCSI boot client.

It seems to me that the purpose of RFC4173 was/is to allow stateless 

clients to boot. The target parameters that are specified in RFC4173 are

necessary, but not sufficient. On many commercial iSCSI target servers

you must have the InitiatorName in order to be able to log in to the 

target. This is the case for NetApp and SANRAD, and I strongly for many

others.

> In any case the initiator name is not the only way to control what
a 

> server will access.

> 

> CbCS (stands for Credential Based Command Security) available for
any 

> SCSI device at the SCSI layer (see the T10 site) is probably 

> safer/better and does not depend on things that can be so easy faked
by 

> an initiator as the initiator name and may be easier to deploy.

This is not something that I am familiar with ...

*** 10 minutes later ***

I could find no reference to CbCS or Command Based Command Security at

the NetApp support site now.netapp.com

A quick search at 
www.t10.org

didn't turn anything up either ... I'll 

keep looking.

There may (and should) be other/better security mechanisms working their

way through the standardization and implementation processes.

As a practical measure, I believe that a DHCP-supplied InitiatorName is

needed because InitiatorName is required by many commercial iSCSI target

servers.

Michael

_______________________________________________
Ips mailing list
Ips@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ips

From:	Michael Howard <michael.howard@xxxxxxxxxxx>
To:	Julian Satran/Haifa/IBM@IBMIL
Cc:	ips@xxxxxxxx
Date:	09/22/2008 09:19
Subject:	Re: no DHCP-assigned InitiatorName