HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

134 Configuring advanced security
To re-authenticate E_Ports:
1. Log in to the switch as admin.
2. On a switch running Fabric OS 5.3.0, type the following command:
$authutil –-authinit <slot/port_number(s)|allE>
$authutil –-authinit 2,3,4
$authutil –-authinit allE (all E_ports in the switch)
For directors, use the slot/port format for specifying the port number.
$authutil –-authinit 1/1, 1/2
Managing secret key pairs
When you configure the switches at both ends of a link to use DH-CHAP for authentication, you must also
define a secret key pair—one for each end of the link. Use the secAuthSecret command to perform the
following tasks:
View the WWN of switches with a secret key pair
Set the secret key pair for switches
Remove the secret key pair for one or more switches
Note the following characteristics of a secret key pair:
The secret key pair must be set up locally on every switch. The secret key pair are not distributed
fabric-wide.
If a secret key pair are not set up for a link, authentication fails. The “Authentication Failed” (reason
code 05h) error will be reported and logged.
The minimum length of a shared secret is 8 bytes and the maximum length is 40 bytes.
This section illustrates using the secAuthSecret command to display the list of switches in the current
switch’s shared secret database and to set the secret key pair for the current switch and a connected switch.
See the Fabric OS Command Reference for more details on the secAuthSecret command.
When setting a secret key pair, note that you are entering the shared secrets in plain text. Use a secure
channel (for example, SSH or the serial console) to connect to the switch on which you are setting the
secrets.
To view the list of secret key pairs in the current switches database:
1. Log in to the switch as admin.
2. On a switch running Fabric OS 4.x or 5.x, type secAuthSecret --show; on a switch running
Fabric OS 3.x, type secAuthSecret "
--show".
The output displays the WWN, domain ID, and name (if known) of the switches with defined shared
secrets:
WWN DId Name
-----------------------------------------------
10:00:00:60:69:80:07:52 Unknown
10:00:00:60:69:80:07:5c 1 switchA