Table 8: LPFCDFC Driver for Linux, Static Parameters

Variable

Default

Min

Max

Comments

 

 

 

 

 

 

 

 

 

 

lpfc_scsi_req_tmo

30

0

255

Time out value (in seconds) for SCSI request

 

 

 

 

sent through lpfcdfc module. (Not available

 

 

 

 

using HBAnyware GUI. Command line only.)

 

 

 

 

 

Version 8.2 LPFC and LPFCDFC Parameter

DH-CHAP Authentication and Configuration

The Emulex driver for Linux version 8.2.0.x supports the FC-SP/Authentication DH-CHAP (Diffie- Hellmann Challenge Handshake Authentication Protocol). To activate FC-SP/Authentication between the HBA host port and Fabric F_port using DH-CHAP, you modify the DH-CHAP associated driver properties in the driver configuration file.

The Emulex driver for Linux version 8.2.0.x supports MD5 and SHA-1 hash functions and supports the following DH groups: Null, 1024, 1280, 1536, and 2048.

Note: This version of the driver supports for N-Port to F-Port authentication only and does not support N-Port to N-Port authentication.

Enabling Authentication

Enabling authentication is a two step process. To enable authentication:

The fcauthd daemon must be running.

The lpfc_enable_auth module parameter must be set to enabled.

The lpfc_enable_auth Module Parameter

Use the lpfc_enable_auth module parameter enable or disable authentication support. This module parameter can be set when loading the driver to enable or disable authentication on all Emulex HBAs in the system, or it may be set dynamically after the driver is loaded to enable or disable authentication for each port (physical and virtual). The default setting for the lpfc-enable-auth module parameter is disabled. SeeTable 10 starting on page 91 for the parameter values.

The fcauthd Daemon

The Emulex LPFC driver requires the fcauthd daemon to perform authentication tasks for it. To enable authentication you must have this daemon running. If you want to load the driver with authentication enabled, the fcauthd daemon should be running prior to driver load. The driver can start with authentication enabled if the daemon is not running, but all ports will be placed into an error state. When the daemon is started the driver should discover the daemon and reset the HBA to enable the driver to perform authentication. To test if this daemon is running, start the daemon, or stop the daemon, you must use the /etc/init.d/fcauthd script. This script accepts the standard daemon parameters: start, stop, reload, status, restart, and condrestart.

The script syntax is /etc/init.d/fcauthd <parameter>.

Note: The 8.2.0.X driver connects directly to the fcauthd daemon. To unload the driver you must first stop the fcauthd daemon. This will close the netlink connection and allow the LPFC driver to unload.

The HBAnyware Utility User Manual

Page 88

Page 93
Image 93
Emulex 3.4 Version 8.2 Lpfc and Lpfcdfc Parameter, DH-CHAP Authentication and Configuration, Enabling Authentication