partition activate

Cache Partition PED Key data [Luna PCI-E with PED (Trusted Path) Authentication only]. Use this command to cache a Partition's PED Key data. Clients can then connect, authenticate with their Partition password (challenge secret), and perform operations with Partition objects, without the need for hands-on PED operations each time. Activation/caching endures until explicitly terminated with "partition deactivate" or until the host computer is powered off.

If a Partition has not been activated, then each access attempt by a Client causes a login call, which initiates a Luna PED operation (requiring the appropriate black PED Key). Unattended operation is possible while the Partition is activated.

Note:  If you wish to activate a Partition, then Partition policy number 22 "Allow activation" must be set to "On" for the named partition. Use "partition showPolicies" to view the current settings and use "partition changePolicy" to change the setting. The policy shows as "Off" or "On", but to change the policy you must give a numeric value of "0" or "1".

Note:  If you wish to activate a Partition, then Partition policy number 23 "Allow auto-activation" can be set to "On" for the partition. Use "partition showPolicies" to view the current settings and use "partition changePolicy" to change the setting. The policy shows as "Off" or "On", but to change the policy you must give a numeric value of "0" or "1".

Autoactivation caches the activation authentication data in battery-backed memory so that activation can persist/recover following a shutdown/restart or a power outage of up to 2 hours' duration. If Partition Policy 23 is set, then partition activation includes autoactivation. If Partition Policy 23 is not set, then partition activation persists only while the host computer is powered on, and requires your intervention to reinstate activation following a shutdown or power outage.

Syntax

partition activate -password <partition_user_password>

Parameter    Shortcut    Description

-password    -p    The password to be used as login credential by the Partition User. As shown, you can supply the password at the command line (useful for scripting). Normally, however, you should leave out the password when issuing the command.

If the password is not provided, you are prompted for it, and your response is obscured by asterisk (****) symbols. This is a more secure method of providing the password.

NOT USED for PED-authenticated HSMs, which need the data from the black PED Key instead; however, the challenge-secret/password is still needed by the client application.

-cu    -c    Select this option to perform the login as Crypto-User, which has a limited subset of "User". Use this option only if your security scheme makes use of the Crypto-Officer/Crypto-User distinction.

-ped    -ped    This parameter is optional. If it is not specified, then the value of the "PEDId" parameter in the "Luna" section of Chrystoki.conf (cryptoki.ini) is used. Otherwise the default is "0" or local PED.

Example

Password-authentication

lunacm:> partition activate -password Userpa55word!

Command Result : No Error

PED-authentication

lunacm:> partition activate

Option -password was not supplied. It is required.
Enter the password: ****************
User is not activated, please attend to the PED.

Command Result : No Error
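
An added example, not part of the Luna documentation: a small Python check that flags script or transcript lines which pass the Partition password on the "partition activate" command line (the less secure form described under -password) and redacts the value. It recognises only the flags listed in the parameter table; the function names and sample lines are constructed for illustration.

```python
import re
import shlex

# Flags from the parameter table on this page; matching is case-insensitive
# to be conservative (an assumption about how scripts may be written).
PASSWORD_FLAGS = {"-password", "-p"}
OTHER_FLAGS = {"-cu", "-c", "-ped"}
PROMPT = re.compile(r"^\s*lunacm:>\s*")


def audit_line(line):
    """Return (has_inline_password, redacted_line) for one line of text."""
    body = PROMPT.sub("", line.strip())
    try:
        tokens = shlex.split(body)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = body.split()
    if [t.lower() for t in tokens[:2]] != ["partition", "activate"]:
        return False, line
    out, found, i = [], False, 0
    while i < len(tokens):
        out.append(tokens[i])
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        # A password flag followed by anything that is not another known
        # flag carries the secret on the command line.
        if (tokens[i].lower() in PASSWORD_FLAGS and nxt is not None
                and nxt.lower() not in PASSWORD_FLAGS | OTHER_FLAGS):
            out.append("<redacted>")
            found = True
            i += 1  # skip the secret itself
        i += 1
    return (True, " ".join(out)) if found else (False, line)


def audit(lines):
    """Return [(line_number, redacted_line)] for lines embedding a password."""
    return [(n, red) for n, (hit, red) in
            enumerate(map(audit_line, lines), 1) if hit]


# Constructed sample input, not taken from a real system.
SAMPLE = [
    "lunacm:> partition activate -password Userpa55word!",
    "lunacm:> partition activate",
    "partition activate -cu -p 'two words'",
    "partition activate -p -cu",
    "lunacm:> partition deactivate",
]

if __name__ == "__main__":
    for n, text in audit(SAMPLE):
        print(f"line {n}: {text}")
```

Lines that omit the password, and so rely on the obscured prompt, are not reported.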