role createchallenge

Create a challenge secret for the Crypto Officer (CO) or Crypto User (CU) role on the current partition (slot). This command applies to PED-authenticated partitions only.

The challenge secret is a text string (password) that provides an additional level of authentication for PED-authenticated partitions. If you create a challenge secret for a role, the role authenticates to the partition as follows:

- If the role is not activated on the partition, the role must provide both the PED key and challenge secret to gain access to the partition.
- If the role is activated on the partition, the role is able to access the partition using the challenge secret only.

See Activation and Auto-activation on Multi-factor- (PED-) Authenticated Partitions in the Administration Guide for more information.

You must be logged in as the Partition SO to create a challenge for the Crypto Officer. You must be logged in as the Crypto Officer to create a challenge for the Crypto User. The target role must already exist. See role init.

NOTE: This command has no application on slots containing a DPoD HSM on Demand service.

In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used in passwords.

Spaces are allowed; to specify a password with spaces using the -password option, enclose the password in double quotation marks.
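
A pre-check for candidate challenge secrets against the length and character rules above, as an added example that is not part of the vendor documentation or tooling. The function names check_secret, needs_quoting and generate_secret are hypothetical, and the sample strings are constructed.

```python
import secrets

# Allowed characters exactly as listed on this page (letters, digits, space, symbols).
ALLOWED = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    " !@#$%^&*()-_=+[]{}\\|/;:',.<>?`~"
)
MIN_LEN, MAX_LEN = 7, 255


def check_secret(candidate):
    """Return a list of problems; an empty list means the candidate fits the page's rules."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append(f"length {len(candidate)} is outside {MIN_LEN}-{MAX_LEN}")
    for pos, ch in enumerate(candidate):
        if ch == '"':
            # Called out separately because the page says double quotes are problematic.
            problems.append(f"double quotation mark at position {pos}")
        elif ch not in ALLOWED:
            # Typical cause: accented or "smart" characters pasted from another tool.
            problems.append(f"character U+{ord(ch):04X} at position {pos} is not in the allowed set")
    return problems


def needs_quoting(candidate):
    """Spaces are allowed, but the value must be quoted when given as an option."""
    return " " in candidate


def generate_secret(length=24):
    """Random secret drawn from the allowed set, minus the space so no quoting is needed."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    alphabet = sorted(ALLOWED - {" "})
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample candidates, not real secrets.
    for sample in ["short", "correct horse 42!", 'has"quote1', "caf\u00e9-secret"]:
        note = "quote on command line" if needs_quoting(sample) else ""
        print(repr(sample), check_secret(sample) or "ok", note)
    print("generated:", generate_secret())
```
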

Syntax

role createchallenge -name <role> [-challengesecret <string>]

| Argument(s) | Shortcut | Description |
|---|---|---|
| -name <role> | -n | Name of role for which the challenge is to be created |
| -challengesecret | -c | The challenge secret (password) you wish to create for this role. If this option is not included, you will be prompted to enter a challenge secret, masked by asterisks (*). |

Example

lunacm:> role createchallenge -name co

        Please attend to the PED.

        enter new challenge secret: ********

        re-enter new challenge secret: ********

Command Result : No Error