Fabric OS Command Reference
55
53-1001764-01
authUtil
22
authUtil
Displays and sets the authentication configuration.
SYNOPSIS
authutil
authutil --show
authutil --set
option value
authutil --policy -sw
option
|
-dev
option
authutil --authinit
[
slot
/]
port
[, [
slot
/]
port
...] |
allE
DESCRIPTION
Use this command to display and set local switch authentication parameters.
Use
--set
to change authentication parameters such as protocol, Diffie-Hellman group (DH group), or
hash type. When no protocol is set, the default setting of "FCAP, DH- CHAP" is used. When no group is
set, the default setting of "*" (meaning "0,1,2,3,4") is used. Configuration settings are saved persistently
across reboots. Configuration changes take effect during the next authentication request.
Use the
--show
command to display the current authentication configuration. Use the
portShow
command to display the authentication type and associated parameters, if applicable, used on the port.
Authentication parameters are set on a per-switch basis. If Virtual Fabrics are enabled, all authentication
parameters apply to the current logical switch context only, and must be configured separately for each
logical switch. Use
setContext
to change the current logical switch context.
In a VF environment, authentication is performed only on physical E_Ports, not on logical interswitch
links (LISLs).
NOTES
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS
This command has the following operands:
--show
Displays the local authentication configuration.
--set
option
value
Modifies the authentication configuration. Valid
options
and their
values
include
the following:
-a
fcap | dhchap | all
Sets the authentication protocol. Specify "fcap" to set only FCAP authentication.
Specify "dhchap" to set only DH-CHAP authentication. Specify "all" to set both
FCAP and DH-CHAP, which is the default setting. When authentication is set to
"all", the implicit order is FCAP followed by DH-CHAP. This means that in
authentication negotiation, FCAP is given priority over DH-CHAP on the local
switch. If the negotiation is done for an encrypted port, DHCHAP takes
precedence over FCAP.
-g
0 | 1 | 2 | 3 |4 | *
Sets the Diffie-Hellman (DH) group. Valid values are 0 to 4 and "*". The DH group
0 is called NULL DH. Each DH group implicitly specifies a key size and associated
parameters. A higher group value provides stronger cryptography and a higher
level of security. When DH group is set to a specified value, only that DH group is