The OneCommand Utility User Manual
Linux Considerations
To activate FC-SP/Authentication between the adapter host port and fabric F_Port using DHCHAP, you
must modify the DHCHAP-associated driver properties in the driver configuration file.
The Emulex driver for Linux version 8.2.0.x supports MD5 and SHA-1 hash functions and supports the
following DH groups: Null, 1024, 1280, 1536, and 2048.
Enabling Authentication
Enabling authentication is a two-step process. To enable authentication:
• The fcauthd daemon must be running.
• The lpfc_enable_auth module parameter must be set to enabled.
The lpfc_enable_auth Module Parameter
Use the lpfc_enable_auth module parameter to enable or disable authentication support. This module
parameter can be set when loading the driver to enable or disable authentication on all Emulex adapters
in the system, or it can be set dynamically after the driver is loaded to enable or disable authentication
for each port (physical and virtual). The default setting for the lpfc_enable_auth module parameter is
disabled.
The fcauthd Daemon
The Emulex LPFC driver requires the fcauthd daemon to perform authentication tasks for it. To enable
authentication you must have this daemon running. If you want to load the driver with authentication
enabled, the fcauthd daemon should be running prior to driver load. The driver can start with
authentication enabled if the daemon is not running, but all ports are placed into an error state. When
the daemon is started the driver should discover the daemon and reset the adapter to enable the driver
to perform authentication. To check whether the daemon is running, or to start or stop it, you
must use the /etc/init.d/fcauthd script. This script accepts the standard daemon parameters: start, stop,
reload, status, restart, and condrestart.
The script syntax is /etc/init.d/fcauthd <parameter>.
fcauthd Daemon Parameters
The fcauthd daemon supports the following parameters:
• start - To start the fcauthd daemon pass the start command to the fcauthd script. This command
loads the daemon into memory, opens a netlink connection to the driver, and reads the
authentication configuration database into memory for use by the LPFC driver.
• stop - To stop the fcauthd daemon pass the stop command to the fcauthd script. This command
takes down the netlink connection between the fcauthd daemon and the LPFC driver and stops
the fcauthd daemon.
• reload - The reload command reloads the authentication configuration database into memory.
This is done whenever the database is changed by another application (the OneCommand
Manager application) or by you. If the database is changed, the new configuration information is
not used until the fcauthd daemon reloads the database.
Note: This version of the driver supports N-Port to F-Port authentication only and does not
support N-Port to N-Port authentication.
Note: The 8.2.0.X driver connects directly to the fcauthd daemon. To unload the driver you
must first stop the fcauthd daemon. This will close the netlink connection and allow
the LPFC driver to unload.
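The ordering rules above (fcauthd running before the driver loads with authentication enabled, and fcauthd stopped before the driver unloads) can be enforced with a small wrapper. This is an added example, not Emulex code. It assumes that the status command exits 0 when the daemon is running (the usual init script convention) and that lpfc_enable_auth=1 is the value for enabled; the FCAUTHD_INIT and MODPROBE variables are hypothetical overrides for testing.

```shell
#!/bin/sh
# Added example (not Emulex code): enforce the fcauthd/lpfc ordering.
# Assumptions: "status" exits 0 when fcauthd is running, and
# lpfc_enable_auth=1 means "enabled". Both paths can be overridden.
FCAUTHD_INIT=${FCAUTHD_INIT:-/etc/init.d/fcauthd}
MODPROBE=${MODPROBE:-modprobe}

fcauthd_running() {
    "$FCAUTHD_INIT" status >/dev/null 2>&1
}

# Load lpfc with authentication enabled only once fcauthd is confirmed
# running; otherwise all ports would be placed into an error state.
load_with_auth() {
    if ! fcauthd_running; then
        "$FCAUTHD_INIT" start >/dev/null 2>&1 || true
        if ! fcauthd_running; then
            echo "fcauthd is not running; refusing to load lpfc" >&2
            return 1
        fi
    fi
    "$MODPROBE" lpfc lpfc_enable_auth=1
}

# Stop fcauthd first so the netlink connection closes and lpfc can unload.
unload_driver() {
    if fcauthd_running; then
        "$FCAUTHD_INIT" stop >/dev/null 2>&1 || true
        if fcauthd_running; then
            echo "fcauthd is still running; lpfc cannot be unloaded" >&2
            return 1
        fi
    fi
    "$MODPROBE" -r lpfc
}

# Usage: script load | script unload (no argument: define functions only).
case "${1:-}" in
    load)   load_with_auth ;;
    unload) unload_driver ;;
    *)      : ;;
esac
```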