diff options
| -rw-r--r-- | block/iscsi.c | 3 | ||||
| -rw-r--r-- | docs/about/deprecated.rst | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/block/iscsi.c b/block/iscsi.c index b3e10f4..ed3e87a 100644 --- a/block/iscsi.c +++ b/block/iscsi.c @@ -1353,6 +1353,9 @@ static void apply_chap(struct iscsi_context *iscsi, QemuOpts *opts, } else if (!password) { error_setg(errp, "CHAP username specified but no password was given"); return; + } else { + warn_report("iSCSI block driver 'password' option is deprecated, " + "use 'password-secret' instead"); } if (iscsi_set_initiator_username_pwd(iscsi, user, password)) { diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index cb1ec72..d31ffa8 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -301,6 +301,14 @@ The above, converted to the current supported format:: json:{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"} +``iscsi,password=xxx`` (since 8.0) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specifying the iSCSI password in plain text on the command line using the +``password`` option is insecure. The ``password-secret`` option should be +used instead, to refer to a ``--object secret...`` instance that provides +a password via a file, or encrypted. + Backwards compatibility ----------------------- |