Configuration tasks – HP StorageWorks IP Storage Router User Manual
Page 147
Configuring Authentication
147
IP Storage Router SR2122-2 User Guide
This chapter describes how to configure the following AAA security services:
■
RADIUS is a distributed client/server system implemented through AAA that
secures networks against unauthorized access. In this implementation, the
storage router sends authentication requests to a central RADIUS server that
contains all user authentication and network service access information.
■
TACACS+ is a security application implemented through AAA that provides
centralized validation of users attempting to gain access to storage targets
through specified SCSI routing instances. TACACS+ services are maintained
in a database on a TACACS+ daemon running, typically, on a UNIX or
Windows NT workstation. TACACS+ provides for separate and modular
authentication, authorization, and accounting facilities.
■
Local or local-case uses a local username database on the storage router for
authentication. Local-case indicates that the user name authentication is
case-sensitive. Password authentication is always case-sensitive.
Configuration Tasks
To configure iSCSI authentication and the associated AAA authentication services
on the storage router:
1. Configure the desired security services, such as RADIUS, TACACS+, or the
local username database.
2. Build the AAA authentication list.
3. Test the iSCSI authentication services.
4. Enable iSCSI authentication for individual SCSI routing instances.
5. Verify and save AAA and iSCSI authentication configuration.
illustrates AAA authentication configuration elements and
illustrates the example configuration of iSCSI authentication and AAA
authentication services used in this chapter.