hsm ped timeout set
Set the remote PED connection (rped) or PED key interaction (pedk) timeout values:
>rped - is the connection inactivity timeout. The default is 1800 seconds (30 minutes). While we do not anticipate any great security risk from having a Remote PED connection left open and unused for long periods, we do suggest that having sessions open indefinitely might be an invitation, so set the rped value as long as you realistically need, but not more.
>pedk - is for PED key activities in particular. The default is 200 seconds. It might be useful to increase that timeout if you are initializing your HSM with large values for MofN on some-or-all PED keys. We have tested initializations with all secrets set to the maximum MofN, equal to 16 of 16, and a pedk value of 900 seconds (15 minutes) was adequate to complete the necessary interactions. If you are not using MofN, then leave 'pedk' at its default value.
After rped expires, you must re-establish the Remote PED link with hsm ped disconnect and hsm ped connect before issuing any HSM or application partition commands that require PED interaction. We recommend running disconnect before reconnecting because, although the link normally disconnects cleanly upon timeout, it can happen that the link is left in an indeterminate state, and a disconnect before a connect corrects that.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
hsm ped timeout set -type <type> -seconds <seconds>
Argument(s) | Shortcut | Description |
---|---|---|
-seconds <seconds> | -s |
Specifies the timeout value, in seconds, for the specified type. Range: 1 to 99999 Defaults: 1800 (rped), 200 (pedk) |
-type <type> | -t |
Specifies the timeout type. Valid values: >rped - set the remote PED connection inactivity timeout. >pedk - set the PED key timeout. |
Example
lunash:>hsm ped timeout set -type pedk -seconds 30 Set the timeout value to 30 seconds. Command Result : 0 (Success)