beautypg.com

Authutil – Dell POWEREDGE M1000E User Manual

Page 90

background image

62

Fabric OS Command Reference

53-1002746-01

authUtil

2

authUtil

Displays and sets the authentication configuration.

SYNOPSIS

authutil

authutil --show

authutil --set option value

authutil --policy -sw option | -dev option

authutil --authinit [slot/]port[, [slot/]port...] | allE

DESCRIPTION

Use this command to display and set local switch authentication parameters.

Use --set to change authentication parameters such as protocol, Diffie-Hellman group (DH group), or
hash type. When no protocol is set, the default setting of "FCAP, DH- CHAP" is used. When no group is
set, the default setting of "*" (meaning "0,1,2,3,4") is used. Configuration settings are saved persistently
across reboots. Configuration changes take effect during the next authentication request.

Use the --show command to display the current authentication configuration.

Authentication parameters are set on a per-switch basis. If Virtual Fabrics are enabled, all authentication
parameters apply to the current logical switch context only, and must be configured separately for each
logical switch. Use setContext to change the current logical switch context.

In a VF environment, authentication is performed only on physical E_Ports, not on logical interswitch
links (LISLs).

NOTES

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.

OPERANDS

This command has the following operands:

--show

Displays the local authentication configuration.This option is supported in the
Access Gateway (AG) mode.

--set option value

Modifies the authentication configuration. Valid options and their values include
the following:

-a fcap | dhchap | all

Sets the authentication protocol. Specify "fcap" to set only FCAP authentication.
Specify "dhchap" to set only DH-CHAP authentication. Specify "all" to set both
FCAP and DH-CHAP, which is the default setting. When authentication is set to
"all", the implicit order is FCAP followed by DH-CHAP. This means that in
authentication negotiation, FCAP is given priority over DH-CHAP on the local
switch. If the negotiation is done for an encrypted port, DHCHAP takes
precedence over FCAP. The --set dhchap and --set all options are supported in
the AG mode.

-g 0 | 1 | 2 | 3 |4 | *

Sets the Diffie-Hellman (DH) group. Valid values are 0 to 4 and "*". The DH group
0 is called NULL DH. Each DH group implicitly specifies a key size and associated
parameters. A higher group value provides stronger cryptography and a higher
level of security. When DH group is set to a specified value, only that DH group is