role resetpw

Resets the password for a specified role. On Luna HSMs, the Partition SO can reset the Crypto Officer password or black PED key only if HSM policy 15: Enable SO reset of partition PIN is enabled. By default, this policy is not enabled and changing it is destructive.

If the target role is not on the current partition, you must specify the target role's partition's slot.

NOTE   Resetting passwords for roles on partitions other than the current active partition is possible only from the administrative partition.

Syntax

role resetpw -name <role> [-password <password>] [-slot <slotnumber>]

Argument(s) Shortcut Description
-name <role> -n Name of role to have password reset.
-password <password> -p

Password for the specified role. Use this option for password-authenticated HSMs only. PED-authenticated HSMs will return an error.

In LunaCM, passwords and activation challenge secrets must be 7-255 characters in length (NOTE: If you are using firmware version 7.0.1, 7.0.2, 7.0.3, 7.3.3, or 7.4.2, activation challenge secrets must be 7-16 characters in length). The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used in passwords.

Spaces are allowed; to specify a password with spaces using the -password option, enclose the password in double quotation marks.

-slot <slotnumber> -s Target slot.

Example

lunacm:> role resetpw -name co

        Please attend to the PED.

Command Result : No Error