Linux considerations, Enabling authentication, Linux considerations enabling authentication – Dell Emulex Family of Adapters User Manual

Page 244

Advertising
background image

OneCommand™ Manager Application

P010066-01A Rev. A

9. Using FC-SP DHCHAP Authentication (Windows, Linux 8.2 and Solaris)

Linux Considerations

244

9. Using FC-SP DHCHAP Authentication

(Windows, Linux 8.2 and Solaris)

Use the DHCHAP tab to view and configure FC-SP DHCHAP (Diffie-Hellmann

Challenge Handshake Authentication Protocol). You can authenticate an adapter to a

switch.

Note: The following notes apply when using FC-SP DHCHAP authentication:

DHCHAP is available only for FC ports, not FCoE ports.

DHCHAP is not available on LPe15000- and LPe16000-series adapters.

DHCHAP is available only for physical ports, not for virtual ports.

DHCHAP is not supported on COMSTAR ports.

DHCHAP is not supported on RHEL6+ and SLES11-SP1+.

DHCHAP is not supported on OneConnect adapters.

The authentication driver parameters are only available on local hosts. The

OneCommand Manager application GUI does not display this driver

parameter for any remote hosts.

Once DHCHAP has been activated and configured, manually initiate authentication

per adapter by clicking on the Initiate Authentication button or by inducing a fabric

login (FLOGI) time per the FC-SP standard to the switch. A FLOGI can also be caused

by bringing the link between the switch and adapter down and then up. (Not available

in read-only mode.)
Authentication must be enabled at the driver level. Authentication is disabled by

default. To enable DHCHAP using the Driver Parameters tab, enable one of the

following parameters: enable-auth (in Windows), enable-auth (Solaris), or enable-auth

(in Linux 8.2).

Linux Considerations

To activate FC-SP/Authentication between the adapter host port and fabric F_Port

using DHCHAP, you must modify the DHCHAP-associated driver properties in the

driver configuration file.
The Emulex driver for Linux version 8.2.0.x supports MD5 and SHA-1 hash functions

and supports the following DH groups: Null, 1024, 1280, 1536, and 2048.

Note: This version of the driver supports N-Port to F-Port authentication only and

does not support N-Port to N-Port authentication.

Enabling Authentication

Enabling authentication is a two step process. To enable authentication:

The fcauthd daemon must be running.

The lpfc_enable_auth module parameter must be set to enabled.

Advertising
Popular Brands
Popular manuals