Authentication protocols, Setting the authentication protocol – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

NOTE
For information about how to use authentication with Access Gateway, refer to the Access Gateway Administrator's Guide.

Authentication protocols

Use the authUtil command to perform the following tasks:

• Display the current authentication parameters.
• Select the authentication protocol used between switches.
• Select the DH (Diffie-Hellman) group for a switch.

Run the authUtil command on the switch you want to view or change. The following values specify
which DH group to use:

• 00 - DH Null option
• 01 - 1024 bit key
• 02 - 1280 bit key
• 03 - 1536 bit key
• 04 - 2048 bit key

Viewing the current authentication parameter settings for a switch

1. Log in to the switch using an account with admin permissions, or an account with the O permission for the Authentication RBAC class of commands.

2. Enter the authUtil --show command.

Example of output from the authUtil --show command

AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
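
The following is an added example, not part of the Brocade guide: a Python audit of captured authUtil --show output that flags the DH Null option, small DH groups, md5, and a policy set to OFF. The function names and the 2048-bit threshold are assumptions, and the sample text is constructed from the output shown above.

```python
import re

# DH group numbers and key sizes as listed on this page (0 is the DH Null option).
DH_GROUP_BITS = {0: 0, 1: 1024, 2: 1280, 3: 1536, 4: 2048}

# Constructed sample input: the example output shown above, as captured text.
SAMPLE = """\
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
"""

def parse_authutil_show(text):
    """Turn captured `authUtil --show` output into a dict of settings."""
    cfg = {"auth": [], "hash": [], "groups": [], "policies": {}}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        pol = re.match(r"(Switch|Device) Authentication Policy:\s*(\S+)", ln)
        if pol:
            cfg["policies"][pol.group(1).lower()] = pol.group(2).upper()
        elif set(ln) == {"-"} and i + 1 < len(lines):
            # The row under the dashed rule carries the three columns.
            row = re.match(r"(\S+)\s+(\S+)\s+(.+)$", lines[i + 1])
            if row is None:
                raise ValueError("unrecognised settings row: %r" % lines[i + 1])
            cfg["auth"] = row.group(1).lower().split(",")
            cfg["hash"] = row.group(2).lower().split(",")
            cfg["groups"] = [int(g) for g in re.findall(r"\d+", row.group(3))]
    if not cfg["auth"]:
        raise ValueError("no settings row found")
    return cfg

def audit(cfg, min_dh_bits=2048):
    """Return findings; min_dh_bits is an assumed local policy threshold."""
    findings = []
    if "md5" in cfg["hash"]:
        findings.append("md5 accepted as hash type")
    if 0 in cfg["groups"]:
        findings.append("DH group 0 (DH Null option) accepted")
    small = [g for g in cfg["groups"] if 0 < DH_GROUP_BITS.get(g, 0) < min_dh_bits]
    if small:
        findings.append("DH groups below %d bits accepted: %s" % (min_dh_bits, small))
    for scope, value in sorted(cfg["policies"].items()):
        if value == "OFF":
            findings.append("%s authentication policy is OFF" % scope)
    return findings

if __name__ == "__main__":
    for finding in audit(parse_authutil_show(SAMPLE)):
        print("FINDING:", finding)
```
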

Setting the authentication protocol

1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the Authentication RBAC class of commands.

2. Enter the authUtil --set -a command specifying fcap, dhchap, or all.

Example of setting the DH-CHAP authentication protocol

switch:admin> authutil --set -a dhchap

Authentication is set to dhchap.

When using DH-CHAP, make sure that you configure the switches at both ends of a link.

NOTE
If you set the authentication protocol to DH-CHAP or FCAP, have not configured shared secrets or
certificates, and authentication is checked (for example, you enable the switch), then switch
authentication will fail. If the E_Port is to carry in-flight encrypted traffic, the authentication protocol
must be set to DH-CHAP. You must also use the -g option to set the DH group value to group 4 or

Fabric OS Administrators Guide

53-1003130-01