Show the Table of Contents

You are here: Configuration Manual (Set up Luna Appliance after Installing) > [Step 5] Setting Partition Policies > Set Partition Policy

Set Partition Policy

Having viewed the Policy settings (previous page) you can now modify a Partition Policy for a given Partition, if required.

  1. To change a Partition Policy, at the lunash prompt type:

lunash:> partition changePolicy -partition <name of HSM Partition> -policy <policy code> -value <new policy value>

Select an example that is applicable to your Luna appliance's HSM type:

Policy setting, Luna HSM with Password Authentication

Example

The default minimum password length is 7 characters (which the Luna HSM calculates as 255 minus 248, where 255 is the maximum length and 248 is the number that can be subtracted from the maximum to yield the minimum length). We want the minimum Partition password length to be larger than 7 characters – for example, nine. To do that, we would need to change the number that is subtracted from 255 to be 246, instead of the current 248.

  1. Login Before Changing Policies
  2. Change the selected policy for a Partition labeled "myPartition1". Type:
    lunash:> partition changePolicy -partition myPartition1 -policy 25 -value 246
    'partition changePolicy' successful.
    Policy "Minimum pin length (inverted: 255 - min)" is now set to: 246
    lunash:>
  3. Log out of the HSM whenever you finish operations that require HSM login.
    lunash:> hsm logout
    lunash:>      

 

Policy setting, Luna HSM with Trusted Path Authentication

Example

 

 

This is just an example. You do not need to change this particular policy, or any other, except to configure the HSM Partition more appropriately for your use.

  1. Login Before Changing Policies
  2. Change a selected policy for a Partition labeled "myPartition1". Type:
    lunash:> partition changePolicy -partition myPartition1 -policy 22 -value 1        (allows Activation mode to be on)
    partition changePolicy successful
    Policy allow Activation is now set to: 1      
  3. And change the other policy for the same Partition.
    lunash:> partition -changePolicy -partition myPartition1 -policy 23 -value 1         (allows autoActivation mode to be on)
    partition changePolicy successful
    Policy allow autoActivation is now set to: 1      
  4. Log out of the HSM whenever you finish operations that require HSM login.
    lunash:> hsm - logout
    lunash:>      

 

 

Go to "Prepare the Client for Network Trust Link".

 

See Also

 

 

Show the Table of Contents