partition init
Initialize an application partition. This command is used within the partition being initialized.
For password-authenticated HSMs, if the password is not provided via the command line, the user is interactively prompted for it. Input is echoed as asterisks, and user is asked for password confirmation. This creates the Partition Security Officer role.
For PED-authenticated HSMs, PED action is required, and a Partition SO PED key (blue) is imprinted. Any password provided at the command line is ignored.
NOTE For the SafeNet Luna Network HSM, only Luna Shell commands can be used with a PED-initiated Remote PED connection. Client-side LunaCM commands such as partition init cannot be executed. This means that only administrative personnel, logging in via Luna Shell (lunash:>) can authenticate to the HSM using a PED-initiated Remote PED connection.
To perform actions requiring authentication on Network HSM partitions (that is, from the client side) any Remote PED connection must be launched by the HSM, and the data-center firewall rules must permit such outward initiation of contact.
Domain matching and the default domain
If you do not specify a domain in the command line, you are prompted for it.
If you type a character string at the prompt, that string becomes the domain for the partition.
When you run the partition backup command, you are again prompted for a domain for the target partition on the backup HSM. You can specify a string at the command line, or omit the parameter at the command line and specify a string when prompted. Otherwise press Enter with no string at the prompt to apply the default domain. The domain that you apply to a backup HSM must match the domain on your source HSM partition.
Syntax
partition init -label <string> [-password <string>] [-domain <string>] [-applytemplate <filepath/filename>] [-defaultdomain] [-auth] [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-applytemplate <filepath/filename> | -at |
Apply a policy template located in the specified directory. |
-auth | -a | Log in after the initialization. |
-defaultdomain | -def | Default cloning domain name. Deprecated. Used only on password-authenticated HSMs, and not recommended. Kept for compatibility with previous, existing configurations; will be discontinued in a future release. |
-domain | -d |
Partition domain name. Used only on password-authenticated HSMs; ignored for PED-authenticated. The domain string must be 1-128 characters in length. The following characters are allowed:
The following characters are problematic or invalid and must not be used in a domain string: Spaces are allowed, as long as the leading character is not a space; to specify a domain string with spaces using the -domain option, enclose the string in double quotation marks. |
-force | -f | Force the action (useful for scripting). |
-label | -l |
Label for the partition. The partition label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed:
Question marks ( Spaces are allowed; enclose the label in double quotation marks if it includes spaces. |
-password | -p |
Partition Security Officer Password. In LunaCM, passwords
Double quotation marks ( Spaces are allowed; to specify a password with spaces using the -password option, enclose the password in double quotation marks. |
Example
lunacm:> partition init -label par2 You are about to initialize the partition. All contents of the partition will be destroyed. Are you sure you wish to continue? Type 'proceed' to continue, or 'quit' to quit now -> proceed Enter password for Partition SO: ******** Re-enter password for Partition SO: ******** Option -domain was not specified. It is required. Enter the domain name: ******** Re-enter the domain name: ******** Command Result : No Error