Brocade Fabric OS Command Reference Manual Supporting Fabric OS v6.3.0 (53-1001337-01, July 2009)
Fabric OS Command Reference 53
53-1001337-01
authUtil
2
authinit [slotnumber/]portnumber [, [slotnumber]/portnumber...| allE
Re-initiates authentication on selected ports after changing the DH-CHAP
group, hash type, and shared secret between a pair of switches. This
command does not work on Private, Loop, NPIV and FICON devices. The
command can re-initiate authentication only if the device was previously
authenticated. This command may bring down the E_Ports if the DH-CHAP
shared secrets are not installed correctly. Valid options include:
slotnumber Specify the slot number, if applicable, followed by a slash (/).
portnumber Specify the port number. On enterprise-class platforms, use the
slotnumber/portnumber format for specifying the port number.
allE Specify all E_Ports in the switch.
Examples To display authentication configuration on the switch:
switch:admin> authutil --show
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
fcap,dhchap sha1,md5 0,1,2,3,4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
To set DH-CHAP as the authentication protocol:
switch:admin> authutil --set -a dhchap
Authentication is set to dhchap.
To set both protocols in order of FCAP and then DH-CHAP:
switch:admin> authutil --set -a all
Authentication is set to fcap,dhchap.
To set DH group 3:
switch:admin> authutil --set -g 3
DH Group was set to 3.
To set all DH groups to be specified in the authentication negotiation in the order of 0, 1, 2, 3, and
4:
switch:admin> authutil --set -g "*"
DH Group is set to 0,1,2,3,4
To set the Switch policy to active mode:
switch:admin> authutil --policy -sw active
Warning: Activating the authentication policy requires
either DH-CHAP secrets or PKI certificates depending
on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE