148 Fabric OS Administrator’s Guide
53-1001763-02
Authentication policy for fabric elements
7
FICON channels
Configupload and download will not be supported for the following AUTH attributes: auth type,
hash type, group type.

Supported HBAs

The following HBAs support authentication:
Emulex LP11000 (Tested with Storport Miniport v2.0 windows driver)
Qlogic QLA2300 (Tested with Solaris v5.04 driver)
Brocade Fibre Channel HBA models 415, 425, 815 and 825

Authentication protocols

Use the authUtil command to perform the following tasks:
Display the current authentication parameters.
Select the authentication protocol used between switches.
Select the DH (Diffie-Hellman) group for a switch.
Run the authUtil command on the switch you want to view or change. Below are the different
options to specify which DH group you want to use.
00 – DH Null option
01 1024 bit key
02 – 1280 bit key
03 - 1536 bit key
04 – 2048 bit key

Viewing the current authentication parameter settings for a switch

1. Log in to the switch using an account assigned to the admin role.
2. Enter the authUtil --show.
Example of output from the authUtil --show command
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
fcap,dhchap sha1,md5 0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF

Setting the authentication protocol

1. Log in to the switch using an account assigned to the admin role.
2. Enter the authUtil --set -a command specifying fcap, dhchap, or all.
Example of setting the DH-CHAP authentication protocol
switch:admin> authutil --set -a dhchap
Authentication is set to dhchap.