Am 15.09.2011 00:51, schrieb ronnie sahlberg: > On Thu, Sep 15, 2011 at 12:36 AM, Christoph Hellwig <h...@lst.de> wrote: > ... >>>> +/* >>>> + * We support iscsi url's on the form >>>> + * iscsi://[<username>%<password>@]<host>[:<port>]/<targetname>/<lun> >>>> + */ >> >> Is having username + password on the command line really a that good idea? >> Also what about the more complicated iSCSI authentification schemes? > > In general it is a very bad idea. For local use on a private box it is > convenient to be able to use "<username>%<password>@" syntax. > For use on a shared box, libiscsi supports an alternative method too > by setting the username and/or password via environment variables : > LIBISCSI_CHAP_USERNAME=... LIBISCSI_CHAP_PASSWORD=...
I wonder if we could make it look like an encrypted image. qemu already has functionality to deal with passwords for block devices, so it seems to make sense to reuse that for iscsi passwords. Kevin
