148 Fabric OS Administrator’s Guide
53-1001763-02
Authentication policy for fabric elements
7
• FICON channels
• Configupload and download will not be supported for the following AUTH attributes: auth type,
hash type, group type.
Supported HBAs
The following HBAs support authentication:
• Emulex LP11000 (Tested with Storport Miniport v2.0 windows driver)
• Qlogic QLA2300 (Tested with Solaris v5.04 driver)
• Brocade Fibre Channel HBA models 415, 425, 815 and 825
Authentication protocols
Use the authUtil command to perform the following tasks:
• Display the current authentication parameters.
• Select the authentication protocol used between switches.
• Select the DH (Diffie-Hellman) group for a switch.
Run the authUtil command on the switch you want to view or change. Below are the different
options to specify which DH group you want to use.
• 00 – DH Null option
• 01 – 1024 bit key
• 02 – 1280 bit key
• 03 - 1536 bit key
• 04 – 2048 bit key
Viewing the current authentication parameter settings for a switch
1. Log in to the switch using an account assigned to the admin role.
2. Enter the authUtil
--show.
Example of output from the authUtil --show command
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
fcap,dhchap sha1,md5 0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
Setting the authentication protocol
1. Log in to the switch using an account assigned to the admin role.
2. Enter the authUtil
--set -a command specifying fcap, dhchap, or all.
Example of setting the DH-CHAP authentication protocol
switch:admin> authutil --set -a dhchap
Authentication is set to dhchap.