[ipxe-devel] login-command breaks authentication-free iscsi boot

Michael Brown mcb30 at ipxe.org
Wed Jun 18 22:16:50 UTC 2014


On 18/06/14 21:44, Oliver Rath wrote:
> it seems that the "login"-command breaks iscsi boot without
> authentication ("demo mode"):
>
> "login" sets the variables "username" and "password". I use this for
> securing some menu a bit (i know, this is easy to hack, but it stops the
> children around me ;-) ).
>
> But if i now use sanboot (or sanhook) for using some iscsi-disks the
> login fail with the message "chap authentication failed". Avoiding the
> login-command let me sanboot without problems.
>
> So it seems, there is a double use of the vars username and password.

There's no way to specify a username and password within an RFC4173 
iSCSI URI.  iPXE will implicitly use whatever is specified in 
${username} and ${password} as credentials for iSCSI.  If your target 
doesn't require initiator authentication then the username and password 
should just be ignored anyway, even though iPXE offers the option of 
CHAP authentication.

It seems as though your target is configured to require authentication 
if it is offered by the initiator.  This is an unusual configuration: 
I'm assuming it's related to your use of a "demo mode".

You can work around the problem by clearing the username and password 
after your login prompt:

   login
   iseq ${password} top-secret-magic-password || goto access_denied
   clear username
   clear password

Michael



More information about the ipxe-devel mailing list