Challenge Handshake Authentication Protocol (CHAP) is a method of authenticating iSCSI initiators (hosts) and targets (volumes and snapshots). CHAP exposes iSCSI storage and ensures a secure standard storage protocol. Authentication depends on a secret, similar to a password, that is known to both the authenticator and the peer. There are two variants of CHAP protocol:
- Single CHAP authentication allows for the iSCSI target to authenticate the initiator. When an initiator tries to connect to a target (Normal mode or through Discovery mode), it provides a username and password to the target.
- Mutual CHAP allows for the iSCSI target and the initiator to authenticate each other. The iSCSI initiator authenticates each iSCSI target that the group presents. When an initiator tries to connect to a target, the target provides a username and password to the initiator. The initiator compares the supplied username and password to information that it holds. If they match, the initiator can connect to the target.
CHAP is disabled by default. The user can enable it on the CHAP settings page in PowerStore Manager or through the REST API.