Add option to set chap algorithms for iscsid for FIPS

The default CHAP algorithm for iscsid is md5, which is disallowed
under fips.  We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.

Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
This commit is contained in:
Ade Lee 2021-08-06 14:26:37 -04:00
parent 6c849e3713
commit c3b7051387

View File

@ -315,6 +315,10 @@ EOF
sudo systemctl daemon-reload sudo systemctl daemon-reload
fi fi
# set chap algorithms. The default chap_algorithm is md5 which will
# not work under FIPS
iniset -sudo /etc/iscsi/iscsid.conf DEFAULT "node.session.auth.chap_algs" "SHA3-256,SHA256"
# ensure that iscsid is started, even when disabled by default # ensure that iscsid is started, even when disabled by default
restart_service iscsid restart_service iscsid
fi fi