Set Partition Policy
Having viewed the Policy settings (previous page), you can now modify a Partition Policy for a given Partition, if required.
- To change a Partition Policy, at the lunash prompt type:
lunash:> partition changePolicy -partition <name of HSM Partition> -policy <policy code> -value <new policy value>
Select an example that is applicable to your Luna appliance's HSM type:
Policy setting, Luna HSM with Password Authentication
Example
The default minimum password length is 7 characters (which the Luna
HSM calculates as 255 minus 248, where 255 is the maximum length and 248
is the number that can be subtracted from the maximum to yield the minimum
length). We want the minimum Partition password length to be larger than
7 characters – for example, nine. To do that, we would need to change
the number that is subtracted from 255 to be 246, instead of the current
248.
- Login Before Changing Policies
- Change the selected policy for a Partition labeled "myPartition1". Type:
lunash:> partition changePolicy -partition myPartition1 -policy 25 -value 246
'partition changePolicy' successful.
Policy "Minimum pin length (inverted: 255 - min)" is now set to: 246
lunash:>
- Log out of the HSM whenever you finish operations that require HSM login.
lunash:> hsm logout
lunash:>
Policy setting, Luna HSM with Trusted Path Authentication
Example
This is just an example. You do not need to change this particular policy,
or any other, except to configure the HSM Partition more appropriately
for your use.
- Login Before Changing Policies
- Change a selected policy for a Partition labeled "myPartition1" (this setting allows Activation mode to be on). Type:
lunash:> partition changePolicy -partition myPartition1 -policy 22 -value 1
partition changePolicy successful
Policy allow Activation is now set to: 1
- And change the other policy for the same Partition (this setting allows autoActivation mode to be on).
lunash:> partition changePolicy -partition myPartition1 -policy 23 -value 1
partition changePolicy successful
Policy allow autoActivation is now set to: 1
- Log out of the HSM whenever you finish operations that require HSM login.
lunash:> hsm logout
lunash:>
Go to "Prepare the Client for Network Trust Link".