Add option to set chap algorithms for iscsid for FIPS
The default CHAP algorithm for iscsid is md5, which is disallowed under fips. We will set the chap algorithm to "SHA3-256,SHA256", which should work under all configurations. Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
This commit is contained in:
parent
6c849e3713
commit
c3b7051387
4
lib/nova
4
lib/nova
@ -315,6 +315,10 @@ EOF
|
|||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# set chap algorithms. The default chap_algorithm is md5 which will
|
||||||
|
# not work under FIPS
|
||||||
|
iniset -sudo /etc/iscsi/iscsid.conf DEFAULT "node.session.auth.chap_algs" "SHA3-256,SHA256"
|
||||||
|
|
||||||
# ensure that iscsid is started, even when disabled by default
|
# ensure that iscsid is started, even when disabled by default
|
||||||
restart_service iscsid
|
restart_service iscsid
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user