role login

Logs the named user into the partition at the current slot.

For password-authenticated HSMs, the entire credential is the password. You can enter your password visibly on-screen with the -password option, or wait to be prompted after pressing enter. Passwords entered at the prompt are masked by asterisks (*). This is the administrative password (Crypto Officer or Crypto User), and it is also the same password that is presented by your application program when it performs cryptographic operations on the application partition.

NOTE   The Luna PED screen prompts for a black PED key for any of

>"User",

>"Crypto Officer",

>"Limited Crypto Officer",

>"Crypto User".

The Luna PED is not aware that the key you present has a black or a gray sticker on it. The colored stickers are visual identifiers for your convenience in keeping track of your PED keys. You differentiate by how you label, and how you use, a given physical key that the Luna PED sees as "black" (once it has been imprinted with a secret).

CAUTION!   If too many bad login attempts are made against a role, the appropriate security policy for that role is enacted. Too many attempts on the Crypto Officer role causes that role to be locked out until reset by the Partition Security Officer. The bad-login count is reset by a successful login. The output of role show, during that time, gives a status of "Locked out". However, role show continues to show a state of "Locked out" even after the lockout time has expired; the displayed status does not reset until after a successful login.

PKCS#11 permits one role to be logged into a slot, per session. If a role is logged in, and you attempt to log in as a different role, the HSM presents an error message like USER_ALREADY_LOGGED_IN, indicating that some other user role is logged into the current slot via the current session. If you need to log in, your options are:

>Log out the other user and log in as the desired user, in the current session,

or

>Launch another session (lunacm or other tool), select the slot, and log in from there.
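The lockout and one-role-per-session behaviour described above can be modelled offline. The following is an added example written for this reference, not Thales code and not the HSM's own implementation: a small Python model of a partition with sessions and roles. The bad-login threshold (3), the lockout duration (600 seconds), the role passwords and the explicit "now" clock are constructed assumptions; the error names are the PKCS#11 CKR_ codes with the prefix dropped, as lunacm prints USER_ALREADY_LOGGED_IN. It shows the error on a second role in the same session, the two remedies (log out first, or use another session), and why role show keeps reporting "Locked out" after the lockout has expired until a login succeeds.

```python
from dataclasses import dataclass, field

# Assumptions (not from the lunacm reference): a lockout after 3 bad logins
# that is enforced for 600 seconds. Time is passed in explicitly so the model
# runs offline and the lockout expiry can be demonstrated.
MAX_BAD_LOGINS = 3
LOCKOUT_SECONDS = 600


class HsmError(Exception):
    """Raised with a PKCS#11-style error name, e.g. USER_ALREADY_LOGGED_IN."""


@dataclass
class Role:
    name: str
    password: str               # constructed sample credential
    bad_logins: int = 0
    locked_until: float = 0.0   # lockout is enforced while now < locked_until
    shows_locked_out: bool = False  # what 'role show' displays; cleared only by a successful login


@dataclass
class Partition:
    roles: dict
    sessions: dict = field(default_factory=dict)  # session id -> logged-in role name or None
    _next_session: int = 1

    def open_session(self) -> int:
        """Equivalent of starting another lunacm (or other tool) session on the slot."""
        sid = self._next_session
        self._next_session += 1
        self.sessions[sid] = None
        return sid

    def login(self, sid: int, name: str, password: str, now: float) -> None:
        # PKCS#11 permits one role per session: another role must log out
        # first, or log in from a different session.
        if self.sessions[sid] is not None:
            raise HsmError("USER_ALREADY_LOGGED_IN")
        role = self.roles[name]
        if now < role.locked_until:
            raise HsmError("PIN_LOCKED")
        if password != role.password:
            role.bad_logins += 1
            if role.bad_logins >= MAX_BAD_LOGINS:
                role.locked_until = now + LOCKOUT_SECONDS
                role.shows_locked_out = True
            raise HsmError("PIN_INCORRECT")
        # A successful login resets the bad-login count and the displayed status.
        role.bad_logins = 0
        role.shows_locked_out = False
        self.sessions[sid] = name

    def try_login(self, sid: int, name: str, password: str, now: float) -> str:
        """Convenience wrapper: returns 'OK' or the error name instead of raising."""
        try:
            self.login(sid, name, password, now)
            return "OK"
        except HsmError as err:
            return str(err)

    def logout(self, sid: int) -> None:
        self.sessions[sid] = None

    def role_show(self, name: str) -> str:
        """Status column as the reference describes it: stale until a successful login."""
        return "Locked out" if self.roles[name].shows_locked_out else "OK"

    def pso_reset(self, name: str) -> None:
        """Partition SO clears the lockout early (the displayed status still waits for a login)."""
        role = self.roles[name]
        role.locked_until = 0.0
        role.bad_logins = 0


if __name__ == "__main__":
    p = Partition(roles={"Crypto Officer": Role("Crypto Officer", "co-pw"),
                         "Crypto User": Role("Crypto User", "cu-pw")})
    s1 = p.open_session()
    print(p.try_login(s1, "Crypto Officer", "co-pw", now=0))   # OK
    print(p.try_login(s1, "Crypto User", "cu-pw", now=1))      # USER_ALREADY_LOGGED_IN
    s2 = p.open_session()
    print(p.try_login(s2, "Crypto User", "cu-pw", now=2))      # OK: second session
    for t in range(3):
        print(p.try_login(s2, "Crypto Officer", "wrong", now=10 + t))  # needs logout first
```

Running the model with three wrong passwords against a fresh session drives the Crypto Officer role into lockout; a correct password is then refused with PIN_LOCKED until the lockout time passes or pso_reset is called, while role_show keeps answering "Locked out" until the first successful login clears it.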

Syntax

role login -name <role> [-password <password>]

Argument(s)            Shortcut   Description
-name <role>           -n         Specifies the name of the role that is logging in. Use the command role list to see the roles available on the partition.

                                  Note: If you specify multiple users (for example, role login -n Crypto Officer -n Partition SO), the last one entered (in this example, Partition SO) is used.

-password <password>   -p         Specifies the password for the role. Omit this parameter to be prompted for a password, which will be obscured by * characters when entered.