Caches a Partition's PED key data. Clients can then connect, authenticate with their Partition password, and perform operations with Partition objects, without the need for a hands-on PED operation each time. Activation (caching) lasts until it is explicitly terminated with "partition deactivate" or the appliance is powered off. If a Partition has not been activated, then each access attempt by a Client causes a login call which initiates a Luna PED operation (requiring the appropriate black PED Key). Unattended operation is possible while the Partition is activated.
If you wish to activate a Partition, then Partition policy number 22 "Allow activation" must be set to "On" for the named partition. Use "partition showPolicies" to view the current settings and use "partition changePolicy" to change the setting. The policy shows as "Off" or "On", but to change the policy you must give a numeric value of "0" or "1".
If you wish to automatically activate a Partition, then Partition policy number 23 "Allow auto-activation" can be set to "On" for the named partition. Use "partition showPolicies" to view the current settings and use "partition changePolicy" to change the setting. The policy shows as "Off" or "On", but to change the policy you must give a numeric value of "0" or "1".

Autoactivation caches the activation authentication data in battery-backed memory so that activation can persist, or recover, following a shutdown/restart or a power outage of up to 2 hours' duration. If Partition Policy 23 is set, then partition activation includes autoactivation. If Partition Policy 23 is not set, then partition activation persists only while the appliance is powered on, and requires your intervention to reinstate activation following a shutdown or power outage.
```
partition activate -partition <name> [-password <password>] [-cu]
```

Parameter | Shortcut | Description |
---|---|---|
-partition | -par | Specifies the name of the HSM partition to activate. Obtain the HSM partition name by using the partition list command. |
-password | -pas | Specifies the password needed to access the HSM partition. This is the partition string provided by the Luna PED when you created the partition - associated with the partition Owner black PED Key. For password-authenticated HSMs, it is the entire authentication for the named partition. If you omit the password in the command, you are prompted for it. |
-cu | -c | Perform the task as the Crypto-User. This option is required if you have invoked the Crypto Officer / Crypto User roles and are performing this action as the Crypto User. |

```
lunash:> partition activate -partition b1
Please enter the password for the partition:
> *******
Luna PED operation required to activate partition on HSM - use User or Partition Owner (black) PED key.
'partition activate' successful
Command Result : 0 (Success)
```
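
The whole procedure described above for the sample partition b1, as an added example that is not part of the original page: view the policies, set policy 22 (and, if activation should survive a restart, policy 23) to 1, confirm the change, then activate. The "-partition", "-policy" and "-value" options on "partition showPolicies" and "partition changePolicy" do not appear on this page and are an assumption to confirm against the command help on your software version; command output is omitted.

```text
lunash:> partition showPolicies -partition b1
lunash:> partition changePolicy -partition b1 -policy 22 -value 1
lunash:> partition changePolicy -partition b1 -policy 23 -value 1
lunash:> partition showPolicies -partition b1
lunash:> partition activate -partition b1
```

Leaving "-password" off the activate command means the partition password is typed at the masked prompt, not on the command line. Skip the policy 23 line if a person with the black PED Key should have to reinstate activation after every shutdown or power outage.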