Commit e0966436 authored by Konrad Sztyber's avatar Konrad Sztyber
Browse files

doc: clarify in-band auth/secure channel relationship 



With in-band authentication TLS session is established after the
authentication is performed, while marking a listener as requiring a
secure-channel will try to do that immediately after a connection is
established, so they cannot be combined.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: Ied2fb8ac2734fb8498e9942a7da0fa15aa50a75c
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/25044


Reviewed-by: default avatarShuhei Matsumoto <smatsumoto@nvidia.com>
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
parent 2df86d17

doc/nvmf.md

+5 −0
Original line number Diff line number Diff line
@@ -396,3 +396,8 @@ $ scripts/rpc.py nvmf_set_config --dhchap-digests sha384,sha512 \ 
$ scripts/rpc.py bdev_nvme_set_options --dhchap-digests sha384,sha512 \

    --dhchap-dhgroups ffdhe6114,ffdhe8192

```



The NVMe specification describes the method for using in-band authentication in conjunction with

establishing a secure channel (e.g. TLS).  However, that isn't supported currently, so in order to

perform in-band authentication, hosts must connect over regular listeners (i.e. those that weren't

created with the `--secure-channel` option).