HP StorageWorks Fabric OS 5.0.0 Command Reference Guide (AA-RW1MA-TE, May 2005)

authUtil
Displays and sets the authentication configuration.
Synopsis
authutil [--show][--set value]
Availability
admin
Description
Use this command to display and set local switch authentication parameters. Use --set to change
authentication parameters, such as the protocol and Diffie-Hellman group (DH group); the new
configuration is saved persistently. The authentication process uses the protocol that is set using this
command. When no protocol is set, the default setting of fcap, dhchap is used. When no group is set, the
default setting of "*" (that is, 0,1,2,3,4) is used. The new configuration takes effect with the next
authentication request.
Use --show to display the current authentication configuration of the switch. Use the portShow
command to display the authentication type and associated parameters, if applicable, that were used on
the port when the port came online or when security was enabled, whichever occurred last.
NOTE: A security license is required to run this command in nonsecure as well as secure mode.
Operands
This command has the following operands:
--show Displays local authentication configuration.
--set Modifies authentication configuration. Values include:
-a Sets the authentication protocol. Specify fcap to set only FCAP
authentication, dhchap to set only DH-CHAP authentication,
and all to set both FCAP and DH-CHAP (default). When
authentication is set to all, the implicit order is FCAP followed
by DH-CHAP; that is, in authentication negotiation
FCAP is given priority over DH-CHAP on the local switch.
However, a responder can still select DH-CHAP.
-g Sets the DH group. Valid values are 0 to 4 and "*". DH
group 0 is called NULL DH. A user can select other groups
between 1 and 4. Each DH group implicitly specifies a key
size and associated parameters. A higher group value
provides stronger cryptography and a higher level of security
in the authentication protocol. When the DH group is set to a
specified value, only that DH group is enabled in
authentication. Specifying "*" as the group enables all DH
groups 0, 1, 2, 3, and 4, in that order; that is, in
authentication negotiation NULL DH is given priority over
the other groups. However, a responder can still select another
DH group.
Without any specified operands, the command displays the usage.
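The defaulting and ordering rules described above, as an added example that is not part of the original guide or HP's code: a Python helper that expands the values given to -a and -g into the ordered protocol and DH group lists the switch offers, and reports whether NULL DH (group 0) is enabled or offered first. The function name effective_auth_policy and the returned field names are assumptions made for this illustration.

```python
# Added example: models the -a / -g rules from the Operands section.
# Names (effective_auth_policy, the dict keys) are hypothetical.

VALID_GROUPS = ("0", "1", "2", "3", "4")  # group 0 is NULL DH
PROTOCOL_ORDER = {
    "fcap": ["fcap"],
    "dhchap": ["dhchap"],
    "all": ["fcap", "dhchap"],  # implicit order: FCAP, then DH-CHAP
}


def effective_auth_policy(protocol=None, group=None):
    """Expand authutil --set values into the ordered lists the switch offers.

    protocol: value given to -a, or None if no protocol was ever set
    group:    value given to -g, or None if no group was ever set
    """
    # Documented defaults: fcap, dhchap (that is, "all") and "*".
    protocol = "all" if protocol is None else protocol.strip().lower()
    group = "*" if group is None else group.strip()

    if protocol not in PROTOCOL_ORDER:
        raise ValueError(f"invalid -a value: {protocol!r}")
    if group != "*" and group not in VALID_GROUPS:
        raise ValueError(f"invalid -g value: {group!r}")

    protocols = list(PROTOCOL_ORDER[protocol])
    # "*" enables groups 0, 1, 2, 3, 4 in that order; a single value
    # enables only that group.
    groups = list(VALID_GROUPS) if group == "*" else [group]

    return {
        "protocols": protocols,
        "groups": groups,
        "null_dh_enabled": "0" in groups,
        "null_dh_first": groups[0] == "0",
        "strongest_group": max(int(g) for g in groups),
    }


if __name__ == "__main__":
    # Constructed inputs: an unconfigured switch, then a restricted one.
    for args in [(None, None), ("dhchap", "4")]:
        print(args, "->", effective_auth_policy(*args))
```

A result with null_dh_first set to True means the local switch gives NULL DH priority in negotiation, which is the case for the default "*" setting.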