Authentication policy for fabric elements
Authentication protocols
Use the authUtil command to perform the following tasks:
• Display the current authentication parameters.
• Select the authentication protocol used between switches.
• Select the DH (Diffie-Hellman) group for a switch.

Run the authUtil command on the switch you want to view or change. The following options specify which DH group you want to use:
• 00 – DH Null option
• 01 – 1024 bit key
• 02 – 1280 bit key
• 03 – 1536 bit key
• 04 – 2048 bit key

Viewing the current authentication parameter settings for a switch
1. Log in to the switch using an account with admin permissions, or an account with the OM permission for the Authentication RBAC class of commands.
2. Enter the authUtil --show command.

Example of output from the authUtil --show command
    AUTH TYPE     HASH TYPE     GROUP TYPE
    --------------------------------------
    fcap,dhchap   sha1,md5      0, 1, 2, 3, 4

    Switch Authentication Policy: PASSIVE
    Device Authentication Policy: OFF

Setting the authentication protocol
1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the Authentication RBAC class of commands.
2. Enter the authUtil --set -a command specifying fcap, dhchap, or all.

Example of setting the DH-CHAP authentication protocol
    switch:admin> authutil --set -a dhchap
    Authentication is set to dhchap.

When using DH-CHAP, make sure that you configure the switches at both ends of a link.

NOTE
If you set the authentication protocol to DH-CHAP or FCAP, have not configured shared secrets or certificates, and authentication is checked (for example, you enable the switch), then switch authentication will fail.

If the E_Port is to carry in-flight encrypted traffic, the authentication protocol must be set to DH-CHAP. You must also use the -g option to set the DH group value to group 4 or all groups. See Chapter 14, "In-flight Encryption and Compression," for details about in-flight encryption.
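The following is an added example, not part of the guide or of any vendor tooling: a Python audit that parses authUtil --show output and reports whether a switch meets the in-flight encryption rule stated above. The sample text is constructed, the function names are hypothetical, and reading "must be set to DH-CHAP" as "dhchap only" is an assumption.

```python
import re

# Constructed sample, laid out like the authUtil --show example in this section.
SAMPLE_SHOW = """\
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0, 1, 2, 3, 4

Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
"""

def parse_authutil_show(text):
    """Parse authUtil --show output into sets of values and policy strings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    sep = next(i for i, ln in enumerate(lines) if set(ln) == {"-"})
    # Assumed row layout: two comma lists without spaces, then the group list.
    auth, hashes, groups = lines[sep + 1].split(None, 2)
    cfg = {
        "auth": set(auth.split(",")),
        "hash": set(hashes.split(",")),
        "groups": {int(g) for g in re.findall(r"\d+", groups)},
    }
    for ln in lines[sep + 2:]:
        m = re.match(r"(Switch|Device) Authentication Policy:\s*(\S+)", ln)
        if m:
            cfg[m.group(1).lower() + "_policy"] = m.group(2)
    return cfg

def inflight_encryption_findings(cfg):
    """Return the ways a switch misses the rule for in-flight encrypted E_Ports."""
    findings = []
    # Assumption: "set to DH-CHAP" means dhchap alone, not fcap,dhchap (all).
    if cfg["auth"] != {"dhchap"}:
        findings.append("protocol is not dhchap only (authutil --set -a dhchap)")
    # Group 4 alone or all groups both satisfy the rule.
    if 4 not in cfg["groups"]:
        findings.append("DH group 4 is not enabled (set it with the -g option)")
    return findings

if __name__ == "__main__":
    for finding in inflight_encryption_findings(parse_authutil_show(SAMPLE_SHOW)):
        print("FINDING:", finding)
```

Because DH-CHAP must be configured at both ends of a link, run the check against the output captured from each switch on the link.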
Fabric OS Administrator's Guide
53-1002745-02