This section covers HSM Partition setup for Password Authentication. The activities in this section are required in three circumstances.
At this point, the Luna appliance should already:
Within the HSM, separate cryptographic workspaces must be initialized and designated for clients. A workspace, or Partition, and all its contents are protected by encryption derived (in part) from its authentication. Only a Client that presents the proper authentication is allowed to see the Partition and to work with its contents.
In this section, you will:
If you do not already have a connection open, connect your administration computer to the serial Console port of the Luna appliance and open a Terminal session, or use ssh to connect via the network.
To create HSM Partitions, you must log in to the Luna HSM as HSM Admin. At the lunash prompt, type:
lunash:> hsm login
Authenticate as HSM Admin by supplying the appropriate HSM Admin password when you are prompted — this is generally preferable to typing the password on the command line, because your response to the password prompt is hidden from view by “*” characters.
If you fail three consecutive login attempts as HSM Admin, the HSM is zeroized and cannot be used; it must be re-initialized. Re-initializing zeroizes the HSM contents. Zeroizing destroys all key material. Note that the Luna HSM must actually receive some information before it logs a failed attempt, so if you just press [Enter] without typing a password, that is not logged as a failed attempt. Also, when you successfully log in, the counter is reset to zero.
If you are not sure that you are currently logged in as HSM Admin, perform an ‘hsm logout’.