
lunacm partition changePw Command

NAME

partition changePw - Change Partition User password

SYNOPSIS

lunacm:> partition changePw [-newpw <new_user_password> -oldpw <old_user_password>] [-prompt]

DESCRIPTION

Changes the password that authenticates the User and/or the client to the Partition. You, as User, need to know the current password in order to change it.

(Contrast with the "partition resetPw" command -- used by the SO -- where the SO does not need to know the current Partition User password in order to reset it.)

1) For a password-authenticated Luna HSM, the partition password needed by the administrator (Partition Owner/User) is also the challenge secret needed by the client.

2) For a PED-authenticated Luna HSM, the data on the black PED Key is the administrative authentication (used by the Partition Owner/User to log in or to activate the partition), and the challenge secret is a separate text secret used by the client before performing cryptographic operations.

If you run the partition changePw command without additional arguments, the HSM offers to change only the black PED Key secret.

To change the challenge secret, you must run the command with the -newpw and -oldpw options, or use the -prompt option instead (-p in the samples below), which tells the HSM to prompt for the old and new challenge secrets.

OPTIONS

-newpw    [optional] The new password for the Partition User.

-oldpw    [optional] The old Partition User password that is being replaced.

-prompt   [optional] The system prompts for the old and new passwords (for password-authenticated HSM) or challenge secrets (for PED-authenticated HSM) and obscures your typing with asterisks. An unauthorized person cannot see the passwords onscreen, and the scroll-back log of your terminal does not show what you typed.

 

SAMPLE OUTPUT - several different scenarios

Change the password on a password-authenticated HSM partition, with the passwords typed visibly at the command line.

lunacm:> partition changePw -newpw <new_user_password> -oldpw <old_user_password>

Command Result : No Error
lunacm:>

 

Change the challenge secret on a PED-authenticated HSM partition with the challenge typed visibly at the command line.

lunacm:> partition changePw -newpw <new_user_password> -oldpw <old_user_password>

    User is not activated, please attend to the PED.

Command Result : No Error

lunacm:>

 

Change the password on a password-authenticated HSM partition, with the passwords prompted by the HSM and obscured by asterisks.

lunacm:> partition changePw -p

    Option -oldpw was not supplied. It is required.
    Enter the old password: ***********
    Option -newpw was not supplied. It is required.
    Enter the new password: ***********
    Re-enter the new password: ***********

Command Result : No Error
lunacm:>

 

Change the challenge secret on a PED-authenticated HSM partition with the passwords prompted by the HSM and obscured by asterisks.

lunacm:> partition changePw -p

    Option -oldpw was not supplied. It is required.
    Enter the old challenge: ***********
    Option -newpw was not supplied. It is required.
    Enter the new challenge: ***********
    Re-enter the new password: ***********
    User is not activated, please attend to the PED.

Command Result : No Error
lunacm:>

 

Change the black key secret on a PED-authenticated HSM partition without changing the challenge secret.

lunacm:> partition changePw

User is not activated, please attend to the PED.

Command Result : No Error

lunacm:>
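
The difference between the visible and prompted forms shown above matters when terminal sessions are logged. The following is an added example, not part of the Luna documentation: a small Python scanner that reads a saved session transcript, flags every partition changePw invocation that carried -newpw or -oldpw values on the command line, and returns a redacted copy of the line. The function names, classification labels and the sample transcript are constructed for illustration; only the option names come from this page.

```python
import re
import shlex

# A lunacm prompt followed by the changePw command; group 1 holds the arguments.
CMD = re.compile(r"lunacm:>\s*partition\s+changePw\b(.*)", re.IGNORECASE)
SECRET_OPTS = {"-newpw", "-oldpw"}
PROMPT_OPTS = {"-prompt", "-p"}


def audit_line(line):
    """Return (classification, redacted_line) for a changePw line, else None."""
    m = CMD.search(line)
    if not m:
        return None
    try:
        args = shlex.split(m.group(1))
    except ValueError:  # unbalanced quote inside a typed secret
        args = m.group(1).split()
    exposed, redacted, i = False, ["lunacm:> partition changePw"], 0
    while i < len(args):
        redacted.append(args[i])
        # The token after -newpw/-oldpw is the secret, even if it starts with "-".
        if (args[i].lower() in SECRET_OPTS and i + 1 < len(args)
                and args[i + 1].lower() not in SECRET_OPTS | PROMPT_OPTS):
            exposed = True
            redacted.append("<redacted>")
            i += 1  # skip the secret value itself
        i += 1
    prompted = any(a.lower() in PROMPT_OPTS for a in args)
    kind = "inline-secret" if exposed else "prompted" if prompted else "no-secret-args"
    return kind, " ".join(redacted)


def audit(transcript):
    """Return [(line_number, classification, redacted_line), ...]."""
    hits = ((n, audit_line(l)) for n, l in enumerate(transcript.splitlines(), 1))
    return [(n, *r) for n, r in hits if r]


# Constructed sample transcript (placeholder secrets, not real output).
SAMPLE = """lunacm:> partition changePw -newpw N3w-Example! -oldpw 0ld-Example!
Command Result : No Error
lunacm:> partition changePw -p
lunacm:> partition changePw
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A line classified as inline-secret means both the old and new values were written to the transcript in clear text, so that password or challenge secret is a candidate for another change using the prompted form.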