From d3daa7a2bc3f5bca874d3efd072b34a657c4d492 Mon Sep 17 00:00:00 2001
From: Chris Leech <cleech@redhat.com>
Date: Sun, 24 Nov 2019 13:51:09 -0800
Subject: configuration support for CHAP algorithms

Introduces support for preference lists in configuration files, and uses
that for the 'node.session.auth.chap_algs' setting.

This is also re-used for discovery authentication, rather than have two
different configurations.
---
 etc/iscsid.conf | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'etc')

diff --git a/etc/iscsid.conf b/etc/iscsid.conf
index 70985af..58f6040 100644
--- a/etc/iscsid.conf
+++ b/etc/iscsid.conf
@@ -57,6 +57,13 @@ node.leading_login = No
 # to CHAP. The default is None.
 #node.session.auth.authmethod = CHAP
 
+# To configure which CHAP algorithms to enable set
+# node.session.auth.chap_algs to a comma seperated list.
+# The algorithms should be listen with most prefered first.
+# Valid values are MD5, SHA1, SHA256, and SHA3-256.
+# The default is MD5.
+#node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
+
 # To set a CHAP username and password for initiator
 # authentication by the target(s), uncomment the following lines:
 #node.session.auth.username = username
-- 
cgit v1.2.1