Reference Guide
∙ Private loop devices
∙ Mixed public and private devices in loop
∙ NPIV devices
∙ FICON channels
∙ Configupload and download will not be supported for the following AUTH attributes: auth type, hash type, group type.
NOTE
For information about how to use authentication with Access Gateway, refer to the
Access Gateway Administrator's Guide
.
Authentication protocols
Use the authUtil command to perform the following tasks:
∙ Display the current authentication parameters.
∙ Select the authentication protocol used between switches.
∙ Select the DH (Diffie-Hellman) group for a switch.
Run the authUtil command on the switch you want to view or change. Below are the different options to specify which DH group you
want to use.
∙ 00 - DH Null option
∙ 01 - 1024 bit key
∙ 02 - 1280 bit key
∙ 03 - 1536 bit key
∙ 04 - 2048 bit key
Viewing the current authentication parameter settings for a switch
1. Log in to the switch using an account with admin permissions, or an account with the O permission for the Authentication
RBAC class of commands.
2. Enter the authUtil --show command.
Example of output from the authUtil-- show command
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
fcap,dhchap sha1,md5 0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
Setting the authentication protocol
1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the Authentication RBAC
class of commands.
2. Enter the authUtil --set -a command specifying fcap, dhchap, or all.
Example of setting the DH-CHAP authentication protocol
switch:admin> authutil --set -a dhchap
Authentication is set to dhchap.
When using DH-CHAP, make sure that you configure the switches at both ends of a link.
Configuring Security Policies
Brocade Fabric OS Administration Guide, 8.0.1
53-1004111-02 231