HP A7533A HP StorageWorks Fabric OS 6.1.x administrator guide (5697-0234, Nove - Page 119
Auth policy restrictions, Selecting authentication protocols
Since F_Port authentication requires the DH-CHAP protocol, selecting PASSIVE mode is blocked if only the FCAP protocol is selected as the authentication protocol. Similarly, deselecting the DH-CHAP protocol from the authentication protocol list is blocked if device authentication is set to PASSIVE.

Auth policy restrictions

The Fabric OS 5.1.0 implementation of DH-CHAP/FCAP does not support integration with RADIUS. All fabric element authentication configurations are performed on a local switch basis.

Device authentication policy supports devices that are connected to the switch in point-to-point manner and is visible to the entire fabric. The following are not supported:

• Public loop devices
• Single private devices
• Private loop devices
• Mixed public and private devices in loop
• NPIV devices
• FICON channels
• Configupload/download will not be supported for the following AUTH attributes: auth type, hash type, group type.

Supported configurations

The following HBAs support authentication:

• Emulex LP11000 (Tested with Storport Miniport 2.0 Windows driver)
• Qlogic QLA2300 (Tested with Solaris 5.04 driver)

Selecting authentication protocols

Use the authUtil command to perform the following tasks:

• Display the current authentication parameters
• Select the authentication protocol used between switches
• Select the Diffie-Hellman (DH) group for a switch

Run the authUtil command on the switch you want to view or change. Options for specifying which DH group you want to use include:

• 00 - DH Null option
• 01 - 1024 bit key
• 02 - 1280 bit key
• 03 - 1536 bit key
• 04 - 2048 bit key

This section illustrates using the authUtil command to display the current authentication parameters and to set the authentication protocol to DH-CHAP.

To view the current authentication parameter settings for a switch:

1. Log in to the switch using an account assigned to the admin role.
2. On a switch running Fabric OS 6.0, type authUtil --show.
Output similar to the following is displayed:

AUTH TYPE     HASH TYPE     GROUP TYPE
fcap,dhchap   sha1,md5      0, 1, 2, 3, 4

Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF

To set the authentication protocol used by the switch to DH-CHAP:

1. Log in to the switch using an account assigned to the admin role.
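The following is an added example, not part of the HP guide: a small offline checker that parses saved authUtil --show output in the layout shown above and applies the PASSIVE/DH-CHAP restriction stated on this page. The remaining checks (DH group 00, device policy OFF, md5) are an assumed review policy of this example, and the function names and sample text are constructed here.

```python
import re

# Constructed sample in the layout of the `authUtil --show` output on this page.
SAMPLE = """\
AUTH TYPE     HASH TYPE     GROUP TYPE
fcap,dhchap   sha1,md5      0, 1, 2, 3, 4

Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
"""

def parse_show(text):
    """Parse saved `authUtil --show` text into protocol lists and policy strings."""
    cfg = {"auth": [], "hash": [], "group": [],
           "switch_policy": None, "device_policy": None}
    # Drop blank lines and any dash-only separator row (assumed possible).
    lines = [ln.strip() for ln in text.splitlines() if ln.strip(" -\t")]
    for i, ln in enumerate(lines):
        if re.match(r"AUTH TYPE\s+HASH TYPE\s+GROUP TYPE$", ln) and i + 1 < len(lines):
            # Value row: two comma lists without spaces, then the group list.
            row = re.match(r"(\S+)\s+(\S+)\s+(.+)$", lines[i + 1])
            if row:
                cfg["auth"] = row.group(1).lower().split(",")
                cfg["hash"] = row.group(2).lower().split(",")
                cfg["group"] = [int(g) for g in re.findall(r"\d+", row.group(3))]
        pol = re.match(r"(Switch|Device) Authentication Policy:\s*(\S+)", ln)
        if pol:
            cfg[pol.group(1).lower() + "_policy"] = pol.group(2).upper()
    return cfg

def audit(cfg):
    """Return findings; only the first rule comes from the guide itself."""
    findings = []
    # Guide: F_Port (device) authentication requires DH-CHAP.
    if cfg["device_policy"] == "PASSIVE" and "dhchap" not in cfg["auth"]:
        findings.append("device policy PASSIVE without DH-CHAP in the protocol list")
    # Assumed review policy from here on.
    if 0 in cfg["group"]:
        findings.append("DH group 00 (DH Null option) is selectable")
    if cfg["device_policy"] == "OFF":
        findings.append("device authentication policy is OFF")
    if "md5" in cfg["hash"]:
        findings.append("md5 is an accepted hash type")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show(SAMPLE)):
        print("FINDING:", finding)
```
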