HP StorageWorks Secure Fabric OS 5.0.0 User Guide (AA-RW1UA-TE, May 2005)

Integrating Secure Fabric OS
Configuring authentication
By default, Secure Fabric OS on Fabric OS v3.2.0 and v4.4.x uses the SLAP or FCAP protocol
for authentication. These protocols use digital certificates, based on the switch WWN and PKI
technology, to authenticate switches. Support for FCAP is provided in Secure Fabric OS
v3.2.0 and v4.4.x and is used when both switches support it. Authentication automatically
defaults to SLAP when a switch does not support FCAP.
Alternatively, you can configure Secure Fabric OS to use DH-CHAP authentication. Use the
authUtil command to configure the authentication parameters used by the switch. When
you configure DH-CHAP authentication, you must also define a pair of shared secrets known
to both switches. Figure 1 shows how the secrets are configured. In the pair, one is the local
switch secret and the other is the peer switch secret. (The terms local and peer are relative
to the initiator: the switch that initiates authentication is local, and the switch that
responds is the peer.)
Use secAuthSecret to set shared secrets on the switch. Configured shared secrets are
used at the next authentication. Authentication occurs whenever secure mode is enabled or
whenever there is a state change for the switch or port. The state change can be due to a
switch reboot, or a switch or port enable or disable.
Figure 1 DH-CHAP authentication
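As an added illustration (not from the HP guide or from Secure Fabric OS itself), the Python sketch below models the two key databases of Figure 1 and runs a simplified CHAP-style challenge-response in each direction, omitting the Diffie-Hellman step and the real wire format. It assumes each switch proves knowledge of its own local secret and the other side verifies against its stored peer secret; the secret values, hash choice and function names are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed key databases mirroring Figure 1 (secret values are made up).
SWITCH_A = {"local": b"constructed-secret-A", "peer": b"constructed-secret-B"}
SWITCH_B = {"local": b"constructed-secret-B", "peer": b"constructed-secret-A"}


def chap_response(secret: bytes, challenge: bytes, ident: int) -> bytes:
    """CHAP-style response: hash(id || secret || challenge).

    Simplified sketch: SHA-256 is an assumption, and the DH step that
    DH-CHAP adds is left out.
    """
    return hashlib.sha256(bytes([ident]) + secret + challenge).digest()


def authenticate(responder_db: dict, verifier_db: dict, ident: int = 1) -> bool:
    """Verifier sends a random challenge; responder answers with its local secret.

    Assumption: the verifier checks the answer against the copy of that
    secret it stores as its peer secret.
    """
    challenge = os.urandom(32)
    response = chap_response(responder_db["local"], challenge, ident)
    expected = chap_response(verifier_db["peer"], challenge, ident)
    return hmac.compare_digest(response, expected)


def check_link(db_a: dict, db_b: dict) -> dict:
    """Run the exchange in both directions and report each result."""
    return {
        "A proves to B": authenticate(db_a, db_b),
        "B proves to A": authenticate(db_b, db_a),
    }


if __name__ == "__main__":
    print("matching pair:     ", check_link(SWITCH_A, SWITCH_B))
    # Peer secret mistyped on switch B: only A's proof to B fails.
    typo_b = dict(SWITCH_B, peer=b"constructed-secret-a")
    print("typo on B's peer:  ", check_link(SWITCH_A, typo_b))
    # Local and peer entries swapped on switch B: both directions fail.
    swapped_b = {"local": SWITCH_B["peer"], "peer": SWITCH_B["local"]}
    print("swapped on B:      ", check_link(SWITCH_A, swapped_b))
```

Under these assumptions, a one-direction failure points at a single mismatched secret, while a failure in both directions suggests the local and peer entries were entered the wrong way round on one switch.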
Selecting authentication protocols
Use the authUtil command to:
- Display the current authentication parameters
- Select the authentication protocol used between switches
- Select the Diffie-Hellman (DH) group for a switch
Figure 1 (key database on each switch):
Switch A: Local secret A, Peer secret B
Switch B: Local secret B, Peer secret A