Deployment Guide

Fabric OS Command Reference 61
53-1003131-01
authUtil
Displays and sets the authentication configuration.
SYNOPSIS authutil
authutil --show
authutil --set option value
authutil --policy -sw option | -dev option
authutil --authinit [slot/]port[, [slot/]port...] | allE
DESCRIPTION Use this command to display and set local switch authentication parameters.
Use --set to change authentication parameters such as protocol, Diffie-Hellman group (DH group), or
hash type. When no protocol is set, the default setting of "FCAP, DH-CHAP" is used. When no group is
set, the default setting of "*" (meaning "0,1,2,3,4") is used. Configuration settings are saved persistently
across reboots. Configuration changes take effect during the next authentication request.
Use the --show command to display the current authentication configuration.
Authentication parameters are set on a per-switch basis. If Virtual Fabrics are enabled, all authentication
parameters apply to the current logical switch context only, and must be configured separately for each
logical switch. Use setContext to change the current logical switch context.
In a VF environment, authentication is performed only on physical E_Ports, not on logical interswitch
links (LISLs).
An FCR switch does not depend on the authentication policy to perform authentication or
encryption/compression key exchange with the edge fabric. The authentication policy set on an FCR
switch is not considered to perform authentication with the edge fabric. The authUtil configuration on the
FCR switch does not affect EX_Port. The EX_Port acts passively by accepting the parameters received
from the edge fabric.
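Because authentication parameters must be configured separately for each logical switch, a context left at its defaults is easy to miss. The following added example (not from the Fabric OS documentation) parses captured `authutil --show` output per logical switch and reports contexts that differ from a baseline; the output column layout, the FIDs, the sample captures and the baseline are assumptions constructed for illustration.

```python
import re

# Defaults from the DESCRIPTION: protocol "FCAP, DH-CHAP"; group "*" means "0,1,2,3,4".
DEFAULT_AUTH = ("fcap", "dhchap")
DEFAULT_GROUPS = ("0", "1", "2", "3", "4")

# Constructed captures of `authutil --show`, one per logical switch FID.
# The column layout is an assumption, not taken from this page.
CAPTURES = {
    128: "AUTH TYPE   HASH TYPE   GROUP TYPE\n"
         "----------------------------------\n"
         "fcap,dhchap sha1,md5    0,1,2,3,4\n",
    10:  "AUTH TYPE   HASH TYPE   GROUP TYPE\n"
         "----------------------------------\n"
         "dhchap      sha1        4\n",
}

def parse_show(text):
    """Return (protocols, groups) from one captured `authutil --show` output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if re.fullmatch(r"AUTH TYPE\s+HASH TYPE\s+GROUP TYPE", ln):
            # Skip the dashed rule; the first remaining line is the data row.
            rows = [r for r in lines[i + 1:] if set(r) != {"-"}]
            cols = rows[0].split() if rows else []
            if len(cols) == 3:
                groups = DEFAULT_GROUPS if cols[2] == "*" else tuple(cols[2].split(","))
                return tuple(cols[0].lower().split(",")), groups
    raise ValueError("unrecognised authutil --show output")

def audit(captures, want_auth, want_groups):
    """Return {FID: [findings]} for logical switches that differ from the baseline."""
    report = {}
    for fid, text in sorted(captures.items()):
        auth, groups = parse_show(text)
        findings = []
        if auth != want_auth:
            tag = " (still the default)" if auth == DEFAULT_AUTH else ""
            findings.append(f"protocol {','.join(auth)}{tag}")
        if groups != want_groups:
            tag = " (still the default)" if groups == DEFAULT_GROUPS else ""
            findings.append(f"group {','.join(groups)}{tag}")
        if findings:
            report[fid] = findings
    return report

if __name__ == "__main__":
    # Hypothetical baseline: DH-CHAP only, DH group 4 only.
    for fid, findings in audit(CAPTURES, ("dhchap",), ("4",)).items():
        print(f"FID {fid}: " + "; ".join(findings))
```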
NOTES The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS This command has the following operands:
--show
Displays the local authentication configuration. This option is supported in the
Access Gateway (AG) mode.
--set option value
Modifies the authentication configuration. Valid options and their values include
the following:
-a fcap | dhchap | all
Sets the authentication protocol. Specify "fcap" to set only FCAP authentication.
Specify "dhchap" to set only DH-CHAP authentication. Specify "all" to set both
FCAP and DH-CHAP, which is the default setting. When authentication is set to
"all", the implicit order is FCAP followed by DH-CHAP. This means that in
authentication negotiation, FCAP is given priority over DH-CHAP on the local
switch. If the negotiation is done for an encrypted port, DH-CHAP takes
precedence over FCAP. The --set dhchap and --set all options are supported in
the AG mode.