Dhchap authentication and configuration, Enabling authentication, Fcauthd daemon – Dell Emulex Family of Adapters User Manual

Emulex Drivers Version 10.2 for Linux User Manual

P010081-01A Rev. A

3. Configuration

DHCHAP Authentication and Configuration

864

DHCHAP Authentication and Configuration

Note: This section is applicable to the FC RHEL5.x driver only.

To activate FC-SP/Authentication between the adapter host port and fabric F_Port

using DHCHAP, modify the DHCHAP-associated driver properties in the driver

configuration file.
The LPFC driver for Linux version RHEL5.x supports MD5 and SHA-1 hash functions

and supports the following DH groups: Null, 1024, 1280, 1536, and 2048.

Enabling Authentication

Enabling authentication is a two-step process. To enable authentication:
1. Start the fcauthd daemon.
2. Set the lpfc_enable_auth module parameter to 1 (enabled).

fcauthd Daemon

The LPFC driver requires the fcauthd daemon to perform authentication tasks for it. To

enable authentication, you must have this daemon running. If you want to load the

LPFC driver with authentication enabled, the fcauthd daemon should be running

before the driver is loaded. The LPFC driver can start with authentication enabled if the

daemon is not running, but all ports are placed into an error state.
When the daemon is started, the LPFC driver should discover the daemon and reset the

adapter to enable the LPFC driver to perform authentication. To test if this daemon is

running, start the daemon, or stop the daemon, you must use the /etc/init.d/fcauthd

script.
The script syntax is /etc/init.d/fcauthd <parameter>.

fcauthd Daemon Parameters

The fcauthd daemon supports the following parameters:



start - To start the fcauthd daemon, pass the start command to the fcauthd

script. This command loads the daemon into memory, opens a netlink

connection for the driver, and reads the authentication configuration database

into memory for use by the LPFC driver.



stop - To stop the fcauthd daemon, pass the stop command to the fcauthd script.

This command takes down the netlink connection between the fcauthd daemon

and the LPFC driver, and stops the fcauthd daemon.



reload - The reload command reloads the authentication configuration database

into memory. This is done whenever the database is changed by another

application (such as the OneCommand Manager application) or by you. If the

database is changed, the new configuration information is not used until the

fcauthd daemon reloads the database.



status - This command displays the current status of the fcauthd daemon. The

status should be either running or stopped.