|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On Jan 10, 2006, at 9:17 PM, Aravind Rajagopal wrote:
Hi iSCSI Authors,I'm facing a scenario in the Login Sequence which might be illegal, but I am unsure of the same. I would like to know what you think of the exchange.The AuthMethod negotiated is CHAP and once the Chap Challenge is sent by the Target, the Init responds with the Chap response with CSG=NSG=0 and T=0. This is validated by the target which finds Authentication to be successful and the Login Response also has CSG=NSG=T=0. Now, the Init sends a Login Req with CSG=NSG=0 and T=0 and with no data attached. The target responds with a Login reponse with Status Class =0x3 indicating failure on the Target side to continue the login. My concern is over the Last Login Req which according to the draft is not strictly speaking illegal. So should the target respond with a Login Resp with again CSG=NSG=T=0. Or is it justified in reporting an error?
The target is ALWAYS free to report a Status Class =0x3 error. It can do so due to an internal error, because it thinks you won the lottery, because it thinks you didn't win the lottery, or because of the phase of the moon.
Obviously it is best if it actually logs you in instead, but it is permissible.
To be honest, I wonder why the initiator sent the empty NSG=0/T=0 packet. The only reason to not continue CHAP is if the initiator wants to perform mutual auth, but to do so it should have sent a new challenge and I value when it sent back the response and name. Thus there really is no reason to not be transitioning out of security. So the target is probably shutting things down as the initiator looks broken.
Take care, Bill
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Ips mailing list Ips@ietf.org https://www1.ietf.org/mailman/listinfo/ips
[IETF] [Linux iSCSI] [Linux SCSI] [Linux Resources] [Yosemite News] [IETF Announcements] [IETF Discussion] [SCSI]
|
|