Brocade OS Command Reference Manual Supporting Fabric OS v6.0.0 (53-1000599-01, October 2007)

authUtil
Displays and sets the authentication configuration.
Synopsis authutil [--show] [--set value option] [--policy -sw option | -dev option] [--authinit
slotnumber/portnumber[; slotnumber/] portnumber... | allE]
Description Use this command to display and set local switch authentication parameters.
Use --set to change authentication parameters such as protocol, Diffie-Hellman group (DH group),
or hash type. When no protocol is set, the default setting of “FCAP, DH-CHAP” is used. When no
group is set, the default setting of “*” (meaning “0,1,2,3,4”) is used. Configuration settings are
saved persistently across reboots. Configuration changes take effect during the next authentication
request.
Use --show to display the current authentication configuration. Use portShow to display the
authentication type and associated parameters, if applicable, used on the port.
Note The execution of this command is subject to Admin Domain restrictions that may be in place.
Operands When invoked without operands, this command displays the usage. The following operands are
supported:
--show Displays local authentication configuration.
--set value Modifies authentication configuration. Valid values are:
-a fcap | dhchap | all
Sets authentication protocol. Specify “fcap” to set only FCAP authentication,
“dhchap” to set only DH-CHAP authentication. Specify “all” to set both FCAP
and DH-CHAP, which is the default setting. When authentication is set to “all”,
the implicit order is FCAP followed by DH-CHAP. This means that in
authentication negotiation FCAP is given priority over DH-CHAP on the local
switch.
-g 0|1|2|3|4|*
Sets Diffie-Hellman (DH) group. Valid values are 0 to 4 and “*”. DH group 0 is
called NULL DH. Each DH group implicitly specifies a key size and associated
parameters. A higher group value provides stronger cryptography and a higher
level of security. When DH group is set to a specified value, only that DH
group is enabled. Specifying “*” enables all DH groups 0, 1, 2, 3, and 4, in
that order. This means that in authentication negotiation NULL DH is given
priority over other groups.
-h Sets hash type. Use this option with a value of 1 to disable md5
authentication access. Disabling md5 access is required when configuring
the system for FIPS. Refer to the Fabric OS Administrator’s Guide for details
on FIPS configuration.
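
Added example (not part of the Brocade manual): a Python helper that replays a list of authutil --set commands from the documented defaults and reports whether NULL DH (group 0) is still enabled or has priority. The function names are hypothetical, the sample command lists are constructed, and one option/value pair per --set invocation is assumed.

```python
import shlex

# Documented defaults: protocol "FCAP, DH-CHAP"; DH group "*" = 0,1,2,3,4.
DEFAULT_PROTOCOLS = ["fcap", "dhchap"]
ALL_GROUPS = [0, 1, 2, 3, 4]

def effective_config(commands):
    """Replay `authutil --set` lines in order and return (protocols, groups),
    each listed in negotiation priority order."""
    protocols, groups = list(DEFAULT_PROTOCOLS), list(ALL_GROUPS)
    for line in commands:
        argv = shlex.split(line)
        # Assumption: one option/value pair per --set invocation.
        if len(argv) != 4 or argv[0].lower() != "authutil" or argv[1] != "--set":
            continue  # --show, --policy, --authinit leave these settings alone
        opt, val = argv[2], argv[3]
        if opt == "-a":
            if val not in ("fcap", "dhchap", "all"):
                raise ValueError(f"invalid protocol: {val!r}")
            protocols = list(DEFAULT_PROTOCOLS) if val == "all" else [val]
        elif opt == "-g":
            if val not in ("0", "1", "2", "3", "4", "*"):
                raise ValueError(f"invalid DH group: {val!r}")
            groups = list(ALL_GROUPS) if val == "*" else [int(val)]
        # -h (hash type) is accepted but not modelled in this example.
    return protocols, groups

def audit(groups):
    """Return findings about the DH group setting; an empty list means none."""
    findings = []
    if groups == [0]:
        findings.append("only NULL DH (group 0) is enabled")
    elif 0 in groups:
        findings.append("NULL DH (group 0) is enabled and has priority in negotiation")
    elif max(groups) < 4:
        findings.append(f"DH group {max(groups)} is below the strongest group, 4")
    return findings

if __name__ == "__main__":
    # Constructed sample command lists, not taken from a real switch.
    for script in ([], ["authutil --set -a dhchap", "authutil --set -g 4"]):
        protocols, groups = effective_config(script)
        print(script, protocols, groups, audit(groups))
```
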
--policy Sets the Switch authentication policy or Device authentication policy. The
following sub-operands are supported:
-sw on|off|active|passive
Sets the switch authentication policy. Specify one of the following modes.
Operands are exclusive.