Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

53-1003131-01

authUtil

-g 0 | 1 | 2 | 3 | 4 | *

Sets the Diffie-Hellman (DH) group. Valid values are 0 to 4 and "*". The DH group
0 is called NULL DH. Each DH group implicitly specifies a key size and associated
parameters. A higher group value provides stronger cryptography and a higher
level of security. When DH group is set to a specified value, only that DH group is
enabled. Specifying "*" enables all DH groups 0, 1, 2, 3, and 4, in that order. This
means that in authentication negotiation, the NULL DH group is given priority over
all other groups. If a port is enabled for encryption and you specify "*", DH
group 4 is selected. This option is supported in AG mode.

-h sha256 | sha1 | md5 | all

Sets the hash type. Valid values are "sha256", "sha1", "md5", or "all". Enabling
sha256 access is required when configuring the system for FIPS. Refer to the
Fabric OS Administrator's Guide for details on FIPS configuration. This option is
supported in AG mode.

--policy

Sets the switch authentication policy or device authentication policy. The following
options are supported:

-sw off | passive | active | on

Sets the switch authentication policy. Specify one of the following modes.
Operands are exclusive. If the switch has ports enabled for encryption, only the
on and active options are supported. Only the on and off options are supported in
AG mode.

off

Turns the authentication policy off, and the switch rejects any authentication
requests.

passive

Sets the authentication policy to passive mode (default). The switch does not
initiate authentication but participates in authentication if the connecting
switch initiates authentication.

active

Sets the authentication policy to active mode. During switch initialization,
authentication is initiated on all E_Ports, but the port is not disabled if the
connecting switch does not support authentication or the authentication policy
is turned off.

on

Sets the switch authentication policy to ON mode. Strict authentication is
enforced on all E_Ports. The interswitch link (ISL) goes down (port disable) if
the connecting switch does not support authentication or its
authentication policy is switched off.

-dev off | passive | on

Sets the device authentication policy. Three modes are supported. Device
authentication policy is off by default. This option and suboptions are supported in
AG mode.

off

Turns off the device authentication policy. Authentication is not required. The
switch ignores any authentication requests and continues with the FC probing
without authentication.

passive

Sets the authentication policy to passive mode. Authentication is optional. If
the attached device is capable of authentication, the switch participates in
authentication; otherwise it forms an F_Port without authentication. In this
mode the device accepts authentication on all F_Ports.
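
The following added example (not part of the Brocade manual and not Brocade code) checks a proposed combination of -g, -h and -sw values against the constraints stated in the operand descriptions above. The function names, the encrypted_ports, ag_mode and fips parameters, and the sample settings are assumptions made for illustration.

```python
# Added example (not Brocade code): rules transcribed from the operand text above.
DH_GROUPS = ["0", "1", "2", "3", "4"]
HASHES = {"sha256", "sha1", "md5", "all"}
SW_POLICIES = {"off", "passive", "active", "on"}


def dh_negotiation_order(group, encrypted_port=False):
    """Return the DH groups that -g enables, in negotiation order."""
    if group == "*":
        # "*" enables 0,1,2,3,4 in that order, so NULL DH comes first;
        # on a port enabled for encryption, group 4 is selected instead.
        return ["4"] if encrypted_port else list(DH_GROUPS)
    if group not in DH_GROUPS:
        raise ValueError(f"invalid -g value: {group!r}")
    return [group]


def review(group, hash_type, sw_policy, *, encrypted_ports=False,
           ag_mode=False, fips=False):
    """Return findings for a proposed setting; an empty list means none."""
    if hash_type not in HASHES:
        raise ValueError(f"invalid -h value: {hash_type!r}")
    if sw_policy not in SW_POLICIES:
        raise ValueError(f"invalid -sw value: {sw_policy!r}")
    findings = []
    if dh_negotiation_order(group, encrypted_ports)[0] == "0":
        findings.append("-g: NULL DH (group 0) is negotiated first")
    # Assumption: "all" includes sha256, so only sha1 or md5 alone fail FIPS.
    if fips and hash_type in ("sha1", "md5"):
        findings.append("-h: FIPS requires sha256 to be enabled")
    if encrypted_ports and sw_policy not in ("on", "active"):
        findings.append("-sw: only on/active supported with encrypted ports")
    if ag_mode and sw_policy not in ("on", "off"):
        findings.append("-sw: only on/off supported in AG mode")
    if sw_policy != "on":
        findings.append("-sw: authentication is not strictly enforced on E_Ports")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from a real switch.
    for args, kw in [(("*", "md5", "passive"), {"fips": True}),
                     (("4", "sha256", "on"), {"encrypted_ports": True})]:
        print(args, kw, "->", review(*args, **kw) or "no findings")
```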