Brocade Fabric OS Command Reference Manual - Supporting Fabric OS v5.3.0 (53-1000436-01, June 2007)

authUtil
Displays and sets the authentication configuration.
Synopsis authutil [--show] [--set value] [--policy -sw <passive|active|on|off> | -dev <off|passive>]
[--authinit <[Slotnumber/]Portnumber[, [Slotnumber/]Portnumber] | allE>]
Description Use this command to display and set local switch authentication parameters. Use --set to change
authentication parameters such as protocol and Diffie-Hellman group (DH group). This saves the
new configuration persistently. The authentication process uses the protocol that is set using this
command.
When no protocol is set, the default setting of “fcap, dhchap” is used. When no group is set, the
default setting of “*” (meaning “0,1,2,3,4”) is used. The new configuration is effective with the
next authentication request.
Use --show to display the current authentication configuration of the switch. Use portShow to
display the authentication type and associated parameters, if applicable, used on the port at port
online or when enabling security, whichever occurs last.
The execution of this command is subject to Admin Domain restrictions that may be in place.
Operands This command has the following operands:
--show Displays local authentication configuration.
--set value Modifies authentication configuration. Values include:
-a Sets authentication protocol. Specify “fcap” to set only FCAP authentication,
“dhchap” to set only DH-CHAP authentication, and “all” to set both FCAP and
DH-CHAP (default). When authentication is set to “all”, implicit order is FCAP
followed by DH-CHAP, meaning that in authentication negotiation FCAP is
given priority over DH-CHAP on the local switch; however, a responder can still
select DH-CHAP.
-g Sets Diffie-Hellman (DH) group. Valid values are 0 - 4 and “*”. DH group 0 is
called NULL DH. You can select other groups between 1 and 4. Each DH
group specifies a key size and associated parameters implicitly. A higher group
value provides stronger cryptography and a higher level of security in the
authentication protocol. When DH group is set to a specified value, only that
DH group is enabled in authentication. Specifying “*” as a group enables all
DH groups 0, 1, 2, 3, and 4, in that order, meaning that in authentication
negotiation NULL DH is given priority over other groups; however, a responder
can still select another DH group.
--policy Sets the authentication policy to auto-active mode for a switch (SW) or a
device (Dev). That means the switch initiates the authentication on all
E-ports; if the connecting switch does not support authentication, the
E-port bring-up continues without authentication. Values include:
off Turns off authentication; the switch rejects any authentication
requests.
active Sets the authentication policy to active mode.
passive Sets the authentication policy to passive mode. That means the switch
accepts authentication on all E-ports.
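
The defaults and ordering described above (protocol “fcap, dhchap” and group “*” when nothing is set, with NULL DH first in the offer) can be checked mechanically when reviewing switch settings. The following Python is an added example, not Brocade code or Fabric OS output; the function names and finding texts are assumptions, and it takes the settings as arguments rather than parsing --show output.

```python
# Added example: models the defaults and ordering this page describes.
# Function names and finding texts are illustrative, not Fabric OS output.
PROTOCOLS = {"fcap": ["fcap"], "dhchap": ["dhchap"], "all": ["fcap", "dhchap"]}
ALL_GROUPS = [0, 1, 2, 3, 4]          # what "*" expands to, in priority order
SW_POLICIES = {"on", "off", "active", "passive"}   # values from the synopsis


def effective_offer(protocol=None, group=None):
    """Expand --set -a / -g values (None = never set) into ordered offers."""
    if protocol is not None and protocol not in PROTOCOLS:
        raise ValueError(f"unknown protocol value: {protocol!r}")
    protos = list(PROTOCOLS[protocol or "all"])   # unset means fcap, dhchap
    if group is None or group == "*":
        groups = list(ALL_GROUPS)                 # unset means "*"
    elif str(group).isdigit() and int(group) in ALL_GROUPS:
        groups = [int(group)]                     # a single value enables only it
    else:
        raise ValueError(f"DH group must be 0-4 or '*': {group!r}")
    return protos, groups


def audit(sw_policy, protocol=None, group=None):
    """Return the effective offer plus findings for one switch's settings."""
    if sw_policy not in SW_POLICIES:
        raise ValueError(f"unknown switch policy: {sw_policy!r}")
    protos, groups = effective_offer(protocol, group)
    findings = []
    if sw_policy == "off":
        findings.append("policy off: authentication requests are rejected")
    if groups == [0]:
        findings.append("only NULL DH (group 0) is enabled")
    elif groups[0] == 0:
        findings.append("NULL DH (group 0) is offered first; "
                        "a responder can still select another group")
    return {"protocols": protos, "dh_groups": groups, "findings": findings}


if __name__ == "__main__":
    # Constructed inputs: an untouched switch, then one pinned to DH group 4.
    for args in [("active",), ("active", "dhchap", "4"), ("off", "all", 0)]:
        print(args, audit(*args))
```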