[PATCH 1/2] nvmet: Implement 'admin_only' authentication
Hannes Reinecke
hare at suse.de
Tue Jan 28 00:48:33 PST 2025
On 1/28/25 09:11, Sagi Grimberg wrote:
>
>> On 1/24/25 14:49, Sagi Grimberg wrote:
>>>
>>>
>>>
>>> On 24/01/2025 13:47, hare at kernel.org wrote:
>>>> From: Hannes Reinecke <hare at kernel.org>
>>>>
>>>> The spec allows for authentication to run on admin queues only, and
>>>> secure
>>>> concatenation even requires it. So add a configfs attribute
>>>> 'dhchap_admin_only'
>>>> to the target configuration to allow for testing independently of
>>>> secure
>>>> concatenation.
>>>
>>> Why do we want it conditionally? why not always?
>>
>> Because we did support it originally, so I thought to play it safe.
>> Plus it'll cause a regression with the host implementation if applied
>> on its own.
>>
>> But if you say so ...
>
> I'd like to avoid the extra configuration if possible, however we cannot
> break
> existing hosts.
>
> Is there a way to not authenticate I/O queues but still allow it?
Not really. Authentication is driven by the AUTHREQ_ATR / AUTHREQ_ASCR
return status code in the connect response. And that is sent by the
target, so the target has to decide whether it wants authentication on
the queue.
Sadly there is no status for 'whatever, I don't care' ...
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list