Secret Key Pairs - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

This command works independently of the authentication policy; this means you can initiate the
authentication even if the switch is in PASSIVE mode. This command is used to restart authentication after
changing the DH-CHAP group, hash type, and shared secret between a pair of switches.
WARNING! This command may bring down the E_Ports if the DH-CHAP shared secrets are not installed
correctly.
To re-authenticate E_Ports:
1. Log in to the switch using an account assigned to the admin role.
2. On a switch running Fabric OS 5.3.0 and later, issue the following command:
switch:admin> –-authinit
Example for specific ports on the switch:
switch:admin> –-authinit
Example for all E_Ports on the switch:
switch:admin> –-authinit
Example for Enterprise-class platforms using the slop/port format:
switch:admin> –-authinit

Secret key pairs

When you configure the switches at both ends of a link to use DH-CHAP for authentication, you must also
define a secret key pair—one for each end of the link. Use the secAuthSecret command to perform the
following tasks:
• View the WWN of switches with a secret key pair
• Set the secret key pair for switches
• Remove the secret key pair for one or more switches
The following are characteristics of a secret key pair:
• The secret key pair must be set up locally on every switch. The secret key pair are not distributed
fabric-wide.
• If a secret key pair are not set up for a link, authentication fails. The "Authentication Failed" (reason
code 05h) error will be reported and logged.
• The minimum length of a shared secret is 8 bytes and the maximum length is 40 bytes.
This section illustrates the use of the secAuthSecret command to display the list of switches in the
current switch's shared secret database and to set the secret key pair for the current switch and a connected
switch. See the Fabric OS command reference for more details on the secAuthSecret command.
NOTE: When setting a secret key pair, note that you are entering the shared secrets in plain text. Use a
secure channel (for example, SSH or the serial console) to connect to the switch on which you are setting
the secrets.
To view the list of secret key pairs in the current switches database:
1. Log in to the switch using an account assigned to the admin role.
2. On a switch running Fabric OS 4.x, 5.x, or 6.0.0 or later, enter secAuthSecret --show. On a
switch running Fabric OS 3.x, enter secAuthSecret "
122 Configuring advanced security features
<slot/port_number(s)|allE>
2,3,4
allE
1/1, 1/2
--
show".