Brocade Fabric OS Command Reference Manual Supporting Fabric OS v7.0.0 (April 2011)
Fabric OS Command Reference 57
53-1001764-01
authUtil
22
--authinit [slot/]port [, [slot/]port...| allE
Reinitiates authentication on selected ports after changing the DH-CHAP group,
hash type, and shared secret between a pair of switches. This command does not
work on Private, Loop, NPIV and FICON devices. The command can reinitiate
authentication only if the device was previously authenticated. This command
may bring down the E_Ports if the DH-CHAP shared secrets are not installed
correctly. This command is not supported on encrypted ports ports. Valid options
include the following:
slot
Specify the slot number, if applicable, followed by a slash (/).
port
Specify the port number. On enterprise-class platforms, use the slot/port format for
specifying the port number.
allE
Specify all E_Ports in the switch.
EXAMPLES To display authentication configuration on the switch:
switch:admin> authutil --show
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
fcap,dhchap sha1,md5 0,1,2,3,4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
To set DH-CHAP as the authentication protocol:
switch:admin> authutil --set -a dhchap
Authentication is set to dhchap.
To set both protocols in order of FCAP and then DH-CHAP:
switch:admin> authutil --set -a all
Authentication is set to fcap,dhchap.
To set DH group 3:
switch:admin> authutil --set -g 3
DH Group was set to 3.
To set all DH groups to be specified in the authentication negotiation in the order of 0, 1, 2, 3, and 4:
switch:admin> authutil --set -g "*"
DH Group is set to 0,1,2,3,4
To set the Switch policy to active mode:
switch:admin> authutil --policy -sw active
Warning: Activating the authentication policy requires
either DH-CHAP secrets or PKI certificates depending
on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE