Authutil – Dell POWEREDGE M1000E User Manual
Page 90
62
Fabric OS Command Reference
53-1002746-01
authUtil
2
authUtil
Displays and sets the authentication configuration.
SYNOPSIS
authutil
authutil --show
authutil --set option value
authutil --policy -sw option | -dev option
authutil --authinit [slot/]port[, [slot/]port...] | allE
DESCRIPTION
Use this command to display and set local switch authentication parameters.
Use --set to change authentication parameters such as protocol, Diffie-Hellman group (DH group), or
hash type. When no protocol is set, the default setting of "FCAP, DH- CHAP" is used. When no group is
set, the default setting of "*" (meaning "0,1,2,3,4") is used. Configuration settings are saved persistently
across reboots. Configuration changes take effect during the next authentication request.
Use the --show command to display the current authentication configuration.
Authentication parameters are set on a per-switch basis. If Virtual Fabrics are enabled, all authentication
parameters apply to the current logical switch context only, and must be configured separately for each
logical switch. Use setContext to change the current logical switch context.
In a VF environment, authentication is performed only on physical E_Ports, not on logical interswitch
links (LISLs).
NOTES
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS
This command has the following operands:
--show
Displays the local authentication configuration.This option is supported in the
Access Gateway (AG) mode.
--set option value
Modifies the authentication configuration. Valid options and their values include
the following:
-a fcap | dhchap | all
Sets the authentication protocol. Specify "fcap" to set only FCAP authentication.
Specify "dhchap" to set only DH-CHAP authentication. Specify "all" to set both
FCAP and DH-CHAP, which is the default setting. When authentication is set to
"all", the implicit order is FCAP followed by DH-CHAP. This means that in
authentication negotiation, FCAP is given priority over DH-CHAP on the local
switch. If the negotiation is done for an encrypted port, DHCHAP takes
precedence over FCAP. The --set dhchap and --set all options are supported in
the AG mode.
-g 0 | 1 | 2 | 3 |4 | *
Sets the Diffie-Hellman (DH) group. Valid values are 0 to 4 and "*". The DH group
0 is called NULL DH. Each DH group implicitly specifies a key size and associated
parameters. A higher group value provides stronger cryptography and a higher
level of security. When DH group is set to a specified value, only that DH group is