diff options
author | trasz <trasz@FreeBSD.org> | 2014-10-29 09:26:55 +0000 |
---|---|---|
committer | trasz <trasz@FreeBSD.org> | 2014-10-29 09:26:55 +0000 |
commit | b73c1cc9fd2cad61d5764afc9111df0e0ac1bb21 (patch) | |
tree | 417bc9bb3b2edcd998af4172663bf2157043a24a /usr.sbin/ctld/ctl.conf.5 | |
parent | e8852d82cc71dc9a97e048dd3eaa8993cf53fb78 (diff) | |
download | FreeBSD-src-b73c1cc9fd2cad61d5764afc9111df0e0ac1bb21.zip FreeBSD-src-b73c1cc9fd2cad61d5764afc9111df0e0ac1bb21.tar.gz |
Add discovery-filter. This makes it possible to restrict which targets
are returned during discovery based on initiator portal, name, and CHAP
credentials.
Reviewed by: mav@
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin/ctld/ctl.conf.5')
-rw-r--r-- | usr.sbin/ctld/ctl.conf.5 | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/usr.sbin/ctld/ctl.conf.5 b/usr.sbin/ctld/ctl.conf.5 index 58f598b..c106854 100644 --- a/usr.sbin/ctld/ctl.conf.5 +++ b/usr.sbin/ctld/ctl.conf.5 @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 28, 2014 +.Dd October 29, 2014 .Dt CTL.CONF 5 .Os .Sh NAME @@ -175,6 +175,43 @@ Another predefined .Qq Ar no-authentication , may be used to permit discovery without authentication. +.It Ic discovery-filter Ar filter +Determines which targets are returned during discovery. +Filter can be either +.Qq Ar none , +.Qq Ar portal , +.Qq Ar portal-name , +or +.Qq Ar portal-name-auth . +When set to +.Qq Ar none , +discovery will return all targets assigned to that portal group. +When set to +.Qq Ar portal , +discovery will not return targets that cannot be accessed by the +initiator because of their +.Sy initiator-portal . +When set to +.Qq Ar portal-name , +the check will include both +.Sy initiator-portal +and +.Sy initiator-name . +When set to +.Qq Ar portal-name-auth , +the check will include +.Sy initiator-portal , +.Sy initiator-name , +and authentication credentials, ie. if the target does not require +CHAP authentication, or if CHAP user and secret used during discovery +match CHAP user and secret required to access the target. +Note that when using +.Qq Ar portal-name-auth , +targets that require CHAP authentication will only be returned if +.Sy discovery-auth-group +requires CHAP. +The default is +.Qq Ar none . .It Ic listen Ar address An IPv4 or IPv6 address and port to listen on for incoming connections. .\".It Ic listen-iser Ar address |