HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 121
Authentication protocols
Supported HBAs

The following HBAs support authentication:
• Emulex LP11000 (Tested with Storport Miniport 2.0 windows driver)
• Qlogic QLA2300 (Tested with Solaris 5.04 driver)

Authentication protocols

Use the authUtil command to perform the following tasks:
• Display the current authentication parameters
• Select the authentication protocol used between switches
• Select the Diffie-Hellman (DH) group for a switch

Run the authUtil command on the switch you want to view or change. Options for specifying which DH group you want to use include:
• 00 - DH Null option
• 01 - 1024 bit key
• 02 - 1280 bit key
• 03 - 1536 bit key
• 04 - 2048 bit key

This section illustrates the use of the authUtil command to display the current authentication parameters and to set the authentication protocol to DH-CHAP. See the Fabric OS command reference for details on the authUtil command.

To view the current authentication parameter settings for a switch:
1. Log in to the switch using an account assigned to the admin role.
2. On a switch running Fabric OS 6.0 or later, issue the authUtil --show command.

Output similar to the following is displayed:

    AUTH TYPE       HASH TYPE       GROUP TYPE
    fcap,dhchap     sha1,md5        0, 1, 2, 3, 4
    Switch Authentication Policy: PASSIVE
    Device Authentication Policy: OFF

To set the authentication protocol used by the switch to DH-CHAP:
1. Log in to the switch using an account assigned to the admin role.
2. On a switch running Fabric OS 4.x or 5.x, enter authUtil --set -a dhchap; on a switch running Fabric OS 3.x, enter authUtil "--set -a dhchap".

Output similar to the following is displayed:

    Authentication is set to dhchap.

When using DH-CHAP, make sure that you configure the switches at both ends of a link.

NOTE: If you set the authentication protocol to DH-CHAP, have not yet configured shared secrets, and authentication is checked (for example, you enable the switch), switch authentication fails.
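An added example, not part of the HP guide: a Python sketch that parses captured authUtil --show text shaped like the sample output above and lists settings worth reviewing. The function names, the constructed sample, and the review criteria (dhchap absent, DH Null group allowed, a policy set to OFF) are assumptions of this example.

```python
import re

# DH group codes as listed in the guide's option table.
DH_GROUPS = {0: "DH Null option", 1: "1024 bit key", 2: "1280 bit key",
             3: "1536 bit key", 4: "2048 bit key"}

# Constructed sample, shaped like the "authUtil --show" output in the guide.
SAMPLE = """\
AUTH TYPE       HASH TYPE       GROUP TYPE
fcap,dhchap     sha1,md5        0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
"""

def parse_authutil_show(text):
    """Parse 'authUtil --show' text into lists and policy strings."""
    cfg = {"auth": [], "hash": [], "groups": [], "policies": {}}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        m = re.match(r"(Switch|Device) Authentication Policy:\s*(\S+)", ln)
        if m:
            cfg["policies"][m.group(1).lower()] = m.group(2).upper()
        elif ln.upper().startswith("AUTH TYPE"):
            # Values are on the next line that is not a ruler of dashes.
            row = next((r for r in lines[i + 1:] if set(r) != {"-"}), "")
            cols = re.match(r"(\S+)\s+(\S+)\s+(\d[\d,\s]*)$", row)
            if cols:
                cfg["auth"] = cols.group(1).lower().split(",")
                cfg["hash"] = cols.group(2).lower().split(",")
                cfg["groups"] = [int(g) for g in re.findall(r"\d+", cols.group(3))]
    return cfg

def audit(cfg):
    """Return findings; the review criteria are this example's assumptions."""
    findings = []
    if "dhchap" not in cfg["auth"]:
        findings.append("dhchap is not an enabled auth type")
    if 0 in cfg["groups"]:
        findings.append(f"DH group 0 ({DH_GROUPS[0]}) is allowed")
    findings += [f"unknown DH group code {g}"
                 for g in cfg["groups"] if g not in DH_GROUPS]
    for side in ("switch", "device"):
        state = cfg["policies"].get(side, "missing from output")
        if state in ("OFF", "missing from output"):
            findings.append(f"{side} authentication policy: {state}")
    return findings

if __name__ == "__main__":
    print(audit(parse_authutil_show(SAMPLE)))
```
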
E_Port re-authentication

Use the authutil command to re-initiate authentication on selected ports. It can initiate authentication for a specified E_Port, a set of E_Ports, or all E_Ports on the switch. This command will not work on Private, Loop, NPIV and FICON devices. The authutil command can re-initiate authentication only if the device was previously authenticated. If the authentication fails because shared secrets do not match, the port is disabled.