Emulex OneCommand Manager Application User Manual (P006979-01A Version 5.2, August 2011)

ManualsBrandsHP ManualsServerHP ProLiant BL465c G7 Server

141

142

143

144

145

146

147

148

149

150

The OneCommand Manager User Manual Page 140

Authentication must be enabled at the driver level. Authentication is disabled by default. To enable

DHCHAP using the Driver Parameters tab, enable one of the following parameters: enable-auth (in

Windows), enable-auth (Solaris) or enable-auth (in Linux 8.2).

Linux Considerations

To activate FC-SP/Authentication between the adapter host port and fabric F_Port using DHCHAP, you

must modify the DHCHAP-associated driver properties in the driver configuration file.

The Emulex driver for Linux version 8.2.0.x supports MD5 and SHA-1 hash functions and supports the

following DH groups: Null, 1024, 1280, 1536, and 2048.

Enabling Authentication

Enabling authentication is a two step process. To enable authentication:

• The fcauthd daemon must be running.

• The lpfc_enable_auth module parameter must be set to enabled.

The lpfc_enable_auth Module Parameter

Use the lpfc_enable_auth module parameter to enable or disable authentication support. This module

parameter can be set when loading the driver to enable or disable authentication on all Emulex adapters

in the system, or it

can be set dynamically after the driver is loaded to enable or disable authentication

for each port (physical and virtual). The default setting for the lpfc-enable-auth module parameter is

disabled.

The fcauthd Daemon

The Emulex LPFC driver requires the fcauthd daemon to perform authentication tasks for it. To enable

authentication you must have this daemon running. If you want to load the driver with authentication

enabled, the fcauthd daemon should be running prior to driver load. The driver can start with

authentication enabled if the daemon is not running, but all ports are placed into an error state. When

the daemon is started the driver should discover the daemon and reset the adapter to enable the driver

to perform authentication. To test if this daemon is running, start the daemon, or stop the daemon, you

must use the /etc/init.d/fcauthd script. This script accepts the standard daemon parameters: start, stop,

reload, status, restart, and condrestart.

The script syntax is /etc/init.d/fcauthd <parameter>.

fcauthd Daemon Parameters

The fcauthd daemon supports the following parameters:

• start - To start the fcauthd daemon pass the start command to the fcauthd script. This command

loads the daemon into memory, opens a netlink connection to the driver, and reads the

authentication configuration database into memory for use by the LPFC driver.

Note: The authentication driver parameters are only available on local hosts. The

OneCommand Manager application GUI does not display this driver parameter for

any remote hosts.

Note: This version of the driver supports N-Port to F-Port authentication only and does not

support N-Port to N-Port authentication.

Note: The 8.2.0.X driver connects directly to the fcauthd daemon. To unload the driver you

must first stop the fcauthd daemon. This closes the netlink connection and allows the

LPFC driver to unload.