Release 6.0 443Appendix O CHAP AuthenticationChallenge Handshake Authentication Protocol (CHAP) is an authentication method. This appendix describesthe CHAP authentication and its settings.O.1 GeneralA random text string called a “challenge” is sent from the server to the client, and the client uses it asthe basis for encrypting its own “Secret” (password), which it returns. Because the server has theclient's Secret (password), it performs the same encryption and compares the result to the encryptedcode returned from the client to enable authentication of users.O.2 Constraints on Secrets Although this device enables use of 12- to 32-character string lengths, typically Initiator restricts theCHAP Secrets to 16-character (128-bit) strings. (As of February 2009) Do not set the same values to the Initiator CHAP Secret and the target CHAP Secret that are usedfor bidirectional CHAP authentication.O.3 Description of Operation Modes1. CHAP authentication for InitiatorOnly authentication of the application server (Initiator) from the disk array unit (iSCSI target) isperformed.Only target CHAP Secret is set.2. Bidirectional CHAP authenticationAuthentication is performed mutually for the disk array unit (iSCSI target) and the application server(Initiator). Both a target CHAP Secret and an Initiator CHAP Secret are set.O.4 CHAP Username Setting1. Set the target name (when it can be set) as the CHAP username (target side).2. Unless otherwise specified, set the Initiator name as the CHAP username (Initiator side).(If using another name, maximum length is 256 characters.)Microsoft iSCSI Software Initiator refers to this as "Mutual CHAP".