[ipxe-devel] login-command breaks authentication-free iscsi boot
Michael Brown
mcb30 at ipxe.org
Wed Jun 18 22:16:50 UTC 2014
On 18/06/14 21:44, Oliver Rath wrote:
> it seems that the "login"-command breaks iscsi boot without
> authentication ("demo mode"):
>
> "login" sets the variables "username" and "password". I use this for
> securing some menu a bit (i know, this is easy to hack, but it stops the
> children around me ;-) ).
>
> But if i now use sanboot (or sanhook) for using some iscsi-disks the
> login fail with the message "chap authentication failed". Avoiding the
> login-command let me sanboot without problems.
>
> So it seems, there is a double use of the vars username and password.
There's no way to specify a username and password within an RFC4173
iSCSI URI. iPXE will implicitly use whatever is specified in
${username} and ${password} as credentials for iSCSI. If your target
doesn't require initiator authentication then the username and password
should just be ignored anyway, even though iPXE offers the option of
CHAP authentication.
It seems as though your target is configured to require authentication
if it is offered by the initiator. This is an unusual configuration:
I'm assuming it's related to your use of a "demo mode".
You can work around the problem by clearing the username and password
after your login prompt:
login
iseq ${password} top-secret-magic-password || goto access_denied
clear username
clear password
Michael
More information about the ipxe-devel
mailing list