Brocade Fabric OS Command Reference Manual (53-1000240-01, November 2006)

Note: Enter commands in lowercase only; mixed case is for readability.
authUtil
Displays and sets the authentication configuration.
Synopsis authutil [--show][--set value]
Description Use this command to display and set local switch authentication parameters. Use --set to change
authentication parameters such as protocol and Diffie-Hellman group (DH group). This saves the new
configuration persistently. The authentication process uses the protocol that is set using this command.
When no protocol is set, the default setting of “fcap, dhchap” is used. When no group is set, the default
setting of “*” (meaning “0,1,2,3,4”) is used. The new configuration is effective with the next
authentication request.
Use --show to display the current authentication configuration of the switch. Use portShow to display
the authentication type and associated parameters, if applicable, used on the port at port online or when
enabling security, whichever occurs last.
Note: The execution of this command is subject to Admin Domain restrictions that may be in place.
Operands This command has the following operands:
--show Displays local authentication configuration.
--set value Modifies authentication configuration. Values include:
-a Sets authentication protocol. Specify “fcap” to set only FCAP
authentication, “dhchap” to set only DH-CHAP authentication, and “all”
to set both FCAP and DH-CHAP (default). When authentication is set to
“all”, implicit order is FCAP followed by DH-CHAP, meaning that in
authentication negotiation FCAP is given priority over DH-CHAP on the
local switch; however a responder can still select DH-CHAP.
-g Sets Diffie-Hellman (DH) group. Valid values are 0 - 4 and “*”. DH
group 0 is called NULL DH. You can select other groups between 1 and
4. Each DH group specifies a key size and associated parameters
implicitly. A higher group value provides stronger cryptography and a
higher level of security in the authentication protocol. When the DH group
is set to a specified value, only that DH group is enabled in authentication.
Specifying “*” as a group enables all DH groups 0, 1, 2, 3, and 4, in that
order, meaning that in authentication negotiation NULL DH is given
priority over other groups; however a responder can still select another
DH group.
Without any specified operands, the command displays the usage.
Examples To display authentication configuration on the switch:
switch:admin> authutil --show
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0,1,2,3,4
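
Added example, not part of the Brocade manual: a Python audit that parses captured authutil --show output and reports when NULL DH (group 0) is enabled or comes first in the negotiation order described under -g. The function names and finding strings are this example's own, and the sample input is the output shown above.

```python
import re

NULL_DH = 0                    # per the manual, DH group 0 is "NULL DH"
ALL_GROUPS = [0, 1, 2, 3, 4]   # what "*" expands to, in priority order

# Constructed sample: the output from the manual's example.
SAMPLE = """\
switch:admin> authutil --show
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
fcap,dhchap sha1,md5 0,1,2,3,4
"""

def parse_show(text):
    """Return (protocols, hashes, groups) from `authutil --show` output."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        # The data row is the first line after the dashed separator.
        if re.fullmatch(r"-{5,}", line) and i + 1 < len(lines):
            fields = lines[i + 1].split()
            if len(fields) != 3:
                raise ValueError("unexpected row: %r" % lines[i + 1])
            protos, hashes, grp = (f.split(",") for f in fields)
            if grp == ["*"]:
                groups = list(ALL_GROUPS)
            else:
                groups = [int(g) for g in grp]
            return protos, hashes, groups
    raise ValueError("no configuration row found")

def audit(text):
    """List findings about the DH group setting, based on the manual's text."""
    _, _, groups = parse_show(text)
    findings = []
    if NULL_DH in groups:
        findings.append("NULL DH (group 0) is enabled")
        if groups[0] == NULL_DH and len(groups) > 1:
            findings.append("NULL DH has priority in negotiation")
    if len(groups) > 1:
        findings.append("multiple groups enabled; strongest is %d" % max(groups))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("finding:", finding)
```

A switch restricted to a single non-zero group with --set -g produces no findings.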