You are here: Administration & Maintenance Manual > HSM Administration > Authenticating - PED and Password > Password Authentication - About

Luna Concepts


About Password Authentication

This section applies to versions of Luna HSM that control access via typed text-string authentication, or passwords, at all authentication levels. For Luna HSMs, this is sometimes referred to as "FIPS 140-2 Level 2" or simply "FIPS Level 2" or "FIPS 2" authentication.


If you  received a Luna PED and PED Keys, then your Luna appliance's HSM probably uses Trusted Path Authentication, and not Password Authentication (verify with the hsm displayLicenses command), and this page does not apply to you.
We also can refer to that version as "FIPS 140-2 Level 3" authentication.
See "About Trusted Path Authentication", instead.

In general, there are two paths to access the Luna appliance and its HSM:

For Luna HSMs with Password Authentication (see the left-hand side of this diagram), the various, layered roles are protected by passwords:

What's The One-Sentence Summary of How This Works?

How about two sentences?

Objects on the HSM are encrypted by the owner of the HSM Admin space or of the User space (partition), and can be decrypted and accessed only by means of the specific secret (password) imparted by the HSM Admin or the partition User respectively.

If you cannot present the secret (the password) that encrypted the objects, then the HSM is just a secure storage device to which you have no access, and those objects might as well not exist.

What is initialization?