role init
Initializes (creates) the named role on the current partition / slot, if applicable.
Use lunacm:> role list to see which roles are availableon the current partition/slot.
The Auditor role can exist only on the SafeNet Luna PCIe HSM's administrative partition, and shares that partition with the HSM Security Officer. The Auditor role cannot be initialized by another role. Therefore, if the HSM SO is currently logged in, the SO must log out before you run role init to create the Auditor.
When the Auditor role is created, it has no domain set. To allow Auditor to clone, you must log in as Auditor and run lunacm:> role setdomain.
Syntax
role init -name <role> [-password <password>]
Argument(s) | Shortcut | Description |
---|---|---|
-name <role> | -n |
Name of role to be initialized. You can type the entire string, or use the shortcut shown in parentheses (not case-sensitive). Valid roles: Crypto Officer (CO). The PO initializes the CO. Crypto User (CU). The CO initializes the CU. Audit (AU). |
-password <password> | -p |
The initial password for role, valid for the initial login only. In LunaCM, passwords
Double quotation marks ( Spaces are allowed; to specify a password with spaces using the -password option, enclose the password in double quotation marks. NOTE The role must change the initial password using the command role changepw during the initial login session, or when they attempt a subsequent login. |
Example
Initializing the Crypto Officer role
lunacm:>role init -name co Please attend to the PED. Command Result : No Error
Initializing the Auditor role
lunacm:>role init -name au Please attend to the PED. Command Result : No Error