Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

To view the current authentication parameter settings for a switch
1. Log in to the switch as admin.
2. On a switch running Fabric OS v4.4.0, v5.0.1, v5.1.0, v5.2.0, or v5.3.0, type authUtil --show; on
a switch running Fabric OS v3.2.0, type authUtil "--show".
Output similar to the following displays:
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0,1,2,3,4
To set the authentication protocol used by the switch to DH-CHAP
1. Log in to the switch as admin.
2. On a switch running Fabric OS v4.x or v5.x, type authUtil --set -a dhchap; on a switch running
Fabric OS v3.x, type authUtil "--set -a dhchap".
Output similar to the following displays:
Authentication is set to dhchap.
When using DH-CHAP, make sure that you configure the switches at both ends of a link
NOTE
If you set the authentication protocol to DH-CHAP, have not yet configured shared secrets, and
authentication is checked (for example, you enable the switch), switch authentication fails.
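The following is an added example, not part of the original guide and not Brocade tooling: a check an administrator could run on a management workstation against saved authUtil --show output from the switches at both ends of a link, before enabling DH-CHAP. It assumes the three-column layout shown above with whitespace-separated columns; the function names and sample captures are constructed for illustration, and the requirement that both ends share at least one hash type and one group type is an assumption of this example.

```python
import re

# Column titles as printed by authUtil --show in the output quoted above.
COLUMNS = ("AUTH TYPE", "HASH TYPE", "GROUP TYPE")

def parse_authutil_show(text):
    """Return {column title: set of values} from captured authUtil --show output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if all(title in ln for title in COLUMNS):
            # Skip the dashed rule; the first remaining line carries the values.
            rows = [r for r in lines[i + 1:] if not re.fullmatch(r"-+", r)]
            if not rows:
                break
            fields = rows[0].split()
            if len(fields) != len(COLUMNS):
                raise ValueError("unexpected value row: %r" % rows[0])
            return {t: set(f.split(",")) for t, f in zip(COLUMNS, fields)}
    raise ValueError("no authUtil --show table found")

def check_link(local, remote):
    """List reasons why two switches cannot both use DH-CHAP on a shared link."""
    problems = []
    for name, cfg in (("local", local), ("remote", remote)):
        if "dhchap" not in cfg["AUTH TYPE"]:
            problems.append("%s switch does not offer dhchap" % name)
    # Assumption of this example: both ends need one hash and one group in common.
    for title in ("HASH TYPE", "GROUP TYPE"):
        if not local[title] & remote[title]:
            problems.append("no common %s" % title.lower())
    return problems

# Constructed sample captures (not taken from a real switch).
SAMPLE_A = """\
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0,1,2,3,4
"""
SAMPLE_B = """\
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap          sha1          1
"""

if __name__ == "__main__":
    a, b = parse_authutil_show(SAMPLE_A), parse_authutil_show(SAMPLE_B)
    for problem in check_link(a, b) or ["both ends can use DH-CHAP"]:
        print(problem)
```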
MANAGING SHARED SECRETS
When you configure the switches at both ends of a link to use DH-CHAP for authentication, you
must also define a pair of shared secrets—one for each end of the link. Use the secAuthSecret
command to:
• View the WWN of switches with shared secrets
• Set the shared secrets for switches
• Remove the shared secret for one or more switches
This section illustrates using the secAuthSecret command to display the list of switches in the
current switch’s shared secret database and to set the pair of shared secrets for the current switch
and a connected switch. See the Fabric OS Command Reference for more details on the
secAuthSecret command.
NOTE
A Secure Fabric OS license is required to use the secAuthSecret command.
When setting shared secrets, note that you are entering the shared secrets in plain text. Use a
secure channel (for example, SSH or the serial console) to connect to the switch on which you are
setting the secrets.