User authentication, Settings for authentication of hosts – HP XP P9500 Storage User Manual

Page 193


The following topics provide information for managing user authentication on host groups, fibre
channel ports, and fabric switches:

“User authentication” (page 193)

“Fibre channel authentication” (page 199)

“Fibre channel port authentication” (page 203)

“Setting fibre channel port authentication” (page 203)

“Registering user information on a fibre channel port” (page 203)

“Registering user information on a fabric switch” (page 204)

“Clearing fabric switch user information” (page 204)

“Setting the fabric switch authentication mode” (page 205)

“Enabling or disabling fabric switch authentication” (page 205)

User authentication

When configuring a fibre channel environment, use LUN Manager to set user authentication for
ports between the P9500 storage system and hosts. In a fibre channel environment, the ports and
hosts use Null DH-CHAP or CHAP (Challenge Handshake Authentication Protocol with a Null
Diffie-Hellman algorithm) as the authentication method.

User authentication is performed in a fibre channel environment in three phases:

1. A host group of the storage system authenticates a host that attempts to connect (authentication
of hosts).

2. The host authenticates the connection-target host group of the storage system (authentication
of host groups).

   CAUTION: Because the host bus adapters at present do not support this function, this
   authentication phase is unusable in the fibre channel environment.

3. A target port of the storage system authenticates a fabric switch that attempts to connect
(authentication of fabric switches).

The storage system performs user authentication by host groups. Therefore, the host groups and
hosts need to have their own user information for performing user authentication.

When a host attempts to connect to the storage system, the authentication of hosts phase starts. In
this phase, first it is determined whether the host group requires authentication of the host. If it does
not, the host connects to the storage system without authentication. If it does, authentication is
performed for the host, and when the host is authenticated successfully, processing goes on to the
next phase.

After successful authentication of the host, if the host requires user authentication for the host group
that is the connection target, the authentication of host groups phase starts. In this way, the host
groups and hosts authenticate with each other, that is, mutual authentication. In the authentication
of host groups phase, if the host does not require user authentication for the host group, the host
connects to the storage system without authentication of the host group.
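The two host-facing phases described above can be modelled as follows. This is an added example, not code from the manual or from the storage system. It assumes an RFC 1994 style CHAP response with SHA-1 as the hash and rejection of the connection on a failed check; all names, secrets and dictionary keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # CHAP-style response: hash(id || secret || challenge). SHA-1 is assumed here.
    return hashlib.sha1(bytes([chap_id]) + secret + challenge).digest()

def verify_peer(registered_secret: bytes, peer_secret: bytes) -> bool:
    # One challenge/response round. registered_secret is the user information the
    # verifier holds for the peer; peer_secret is what the peer really holds.
    chap_id = secrets.randbelow(256)
    challenge = secrets.token_bytes(16)  # fresh per attempt, so a replay fails
    response = chap_response(chap_id, peer_secret, challenge)        # peer side
    expected = chap_response(chap_id, registered_secret, challenge)  # verifier side
    return hmac.compare_digest(response, expected)  # constant-time comparison

def connect(host_group: dict, host: dict) -> str:
    # Phase 1: authentication of hosts, only if the host group requires it.
    if not host_group["authenticate_hosts"]:
        return "connected: no authentication"
    registered = host_group["host_secrets"].get(host["name"])
    if registered is None or not verify_peer(registered, host["secret"]):
        return "rejected: host authentication failed"  # assumed failure handling
    # Phase 2: authentication of host groups, only if the host requires it.
    if not host["authenticate_host_group"]:
        return "connected: host authenticated (one-way)"
    if not verify_peer(host["host_group_secret"], host_group["secret"]):
        return "rejected: host group authentication failed"
    return "connected: mutual authentication"

# Constructed sample user information (not real credentials).
HOST_GROUP = {
    "authenticate_hosts": True,
    "secret": b"constructed-hostgroup-secret",
    "host_secrets": {"host01": b"constructed-host-secret"},
}
HOST = {
    "name": "host01",
    "secret": b"constructed-host-secret",
    "authenticate_host_group": True,
    "host_group_secret": b"constructed-hostgroup-secret",
}

if __name__ == "__main__":
    print(connect(HOST_GROUP, HOST))
    print(connect(HOST_GROUP, {**HOST, "authenticate_host_group": False}))
    print(connect({**HOST_GROUP, "authenticate_hosts": False}, HOST))
```

In the one-way result the host has proven its identity to the host group, but nothing has proven the host group's identity to the host. Phase 3 (authentication of fabric switches) is not modelled.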

The settings for authentication of host groups are needed only when you want to perform mutual
authentication. The following topics explain the settings required for user authentication.

“Settings for authentication of hosts” (page 193)

“Settings for authentication of ports (required if performing mutual authentication)” (page 194)

Settings for authentication of hosts

On the storage system, use LUN Manager to specify whether to authenticate hosts on each host
group.
