|
Home > |
|---|
This section tracks documentation changes expected in Luna HSM 5.5 / 6.0 that are not explicitly part of the major features. This includes documentation amalgamation and enhancements that were already underway in the Techpubs department, and issues that are revealed as side-effects of new software, new firmware, problems found by testers and reviewers, etc.
|
Story |
Tasks |
Status |
Prime |
|---|---|---|---|
| LHSM-16870 | DOC: lunash commands ToC does not have nested tree structure like original | Verification 2015/05/12 | KM |
| LHSM-16827 | DOC: Lush commands menu do not match | Verification 2015/05/12 | KM |
| LHSM-16317 | DOC: remove a step from document "Luna PED Firmware 2.6.0-6" | Closed 2015/05/15 | KM |
| LHSM-15993 | DOC: Audit log entry changes for 'audit init' vs 'role init -n Auditor' in 6.22.0 In the LunaCM Command Reference Guide, appropriate notes and comments have been added to the respective command pages: http://172.20.18.90/LunaSA/6.0/#lunacm/commands/audit/audit_init.htm and http://172.20.18.90/LunaSA/6.0/#lunacm/commands/role/role_init.htm (See the bottom of the page for Note.) |
Verification 2015/05/06 | KM |
| LHSM-15976 | DOC:Inconsistent documentation for CMU "requestCertificate" function (table row that mentioned md5 removed) |
Verification 2015/05/06 | KM |
| LHSM-15962 | DOC: Inconsistent use of "NTLS" | Verification 2015/05/05 | KM |
| LHSM-15855 | DOC:need to remove the support of LunaDock and PPSO for PKI bundle. | Verification 2015/05/11 | KM |
| LHSM-15322 | DOC: client list lush cmd is client -list in docs (Removed the dash) |
Verification 2015/05/05 | KM |
| LHSM-15313 | DOC: Lush command "hsm firmware rollback" usage not match with documentation (The table contained an unneeded "-password" parameter, which was removed.) |
Verification 2015/05/14 | KM |
| LHSM-15311 | DOC: Lush cmd "hsm debug" has extra pages on documentation or usage is not updated?! | Verification 2015/05/05 | KM |
| LHSM-15277 | DOC: Lush command "sysconf snmp notification delete" parameter case not matching usage | KM | |
| LHSM-15234 | DOC: ureset utility is not documented (created a section for it) |
Closed 2015/05/04 | KM |
| LHSM-15069 | DOC: Remove shortcut column from lush sysconf time in Docs (removed) |
Verification 2015/05/05 | KM |
| LHSM-15068 | DOC: Usage says <ipaddress> but docs says <eth0_ip_address> lush: sysconf (re|h) help (see the comment left in the issue for reasons) |
Rejected 2015/05/06 | KM |
| LHSM-15066 | DOC: Confusing sentence on NTL link page | Verification 2015/05/06 | KM |
| LHSM-15060 | DOC: Usage does not match documentation: syslog severity set help (added some abbreviations that were missing) |
Verification 2015/05/05 | KM |
| LHSM-15059 | DOC: Usage does not match documentation: lunash syslog remotehost * (added page, linked it in the syslog_remotehost.htm page, and added to the ToC) |
Verification 2015/04/30 | KM |
| LHSM-15058 | DOC: Usage of Lush cmd: syslog c help does not match documentation (I was dinged for adding useful information, so this issue is rejected.) |
Rejected 2015/05/06 | KM |
| LHSM-15057 | DOC: Description in documentation does not match usage: lush syslog tail (I was dinged for adding useful information, so this issue is rejected.) |
Rejected 2015/05/06 | KM |
| LHSM-15055 | DOC: Update description for Lush cmd in documentation: syslog show | Verification 2015/04/29 | KM |
| LHSM-15046 | Doc: RSAKeyGenMechRemap Not Clear | Sent to John Ray for verification 2015/04/29 | KM |
| LHSM-15040 | DOC: Conditions for cloning with SFF CUF are lacking | Verification 2015/05/13 | KM |
| LHSM-15038 | DOC: Partition Management section title has an extra "g" (removed the section - moved its content elsewhere, so there is no longer a title to be misspelled) |
Closed 2015/04/28 | KM |
| LHSM-15018 | Document for customers that the 6.0 release of Luna Client will be the last release which supports Java 5 and 6 (It's in the CRN, under "Supported APIs".) (After this issue was sent to Verification, John Ray appended a requirement to mention the supported OpenSSL version, so I took a phrase out of a Steve W. response, and went with "OpenSSL 1.0.1i") |
Verification 2015/05/22 | KM |
| LHSM-15015 | DOC: partition resetPw missing the whole content (It was not missing entire content - tester was looking at lunacm "partition resetPw" instead of lunash "partition resetPw". HOWEVER, it was missing a couple of newer options, so those were added.) |
Verification 2015/05/13 | KM |
| LHSM-15005 | DOC: customer docs lack a highly-visible statement of consequences if domain is forgotten or red Key is lost (new table added to top of http://172.20.18.90/LunaSA/6.0/#overview/security_features/roles_and_users.htm ) |
Verification 2015/04/21 | KM |
| LHSM-14985 |
DOC: PKI-bundle is not explained with a current step-by-step procedure http://172.20.18.90/LunaSA/6.0/#sa_appliance_admin/pki_bundle.htm |
Verification 2015/04/19 | KM |
| LHSM-14983 | DOC: PKI bundle, *token pki undeploy* requires update | Verification 2015/04/20 | KM |
| LHSM-14982 | DOC: PKI bundle, *token pki resetPin* requires update | Verification 2015/04/20 | KM |
| LHSM-14981 | DOC: PKI bundle, *token pki update firmware* requires update | Closed 2015/04/20 | KM |
| LHSM-14976 | DOC: Configuring Remote PED lists PED firmware 2.5.0-2 as minimum | Closed 2015/04/27 | |
| LHSM-14972 | |||
| LHSM-14969 | DOC: Extraneous "have" (Extra 'have' removed from page.) |
Verification 2015/04/15 | KM |
| LHSM-14964 | DOC: Luna 6 documentation contains many outdated references to "default domain" usage | Verification 2015/04/20 | KM |
| LHSM-14939 | DOC: par createuser is working for both PED and PW auth | Closed 2015/04/14 | KM |
| LHSM-14909 | DOC:"sysconf hwRegenCert" has outdated message http://172.20.18.90/LunaSA/6.0/#lunash/commands/sysconf/sysconf_hwregencert.htm |
Closed 2015/04/06 | KM |
| LHSM-14892 | DOC: lush - hsm firmware rollback command output has changed http://172.20.18.90/LunaSA/6.0/#lunash/commands/hsm/hsm_firmware_rollback.htm |
Verification 2015/03/30 | KM |
| LHSM-14887 | DOC: PKI bundle, we need an instruction page for how to set up the PKI bundle to the working stage. | Closed 2015/04/21 | KM |
| LHSM-14886 | DOC: L-HSM: Product Overview: missing information from Chapter 1 (The Luna SA HSM Appliance) (added missing text: 1. Server(s) hosting your client applications that need to create, store, and use crypto objects on an HSM application partition. |
Verification 2015/04/17 | KM |
| LHSM-14880 | DOC: lunash "audit config" command includes unused/unusable "-serial" option | Closed 2015/04/01 | KM |
| LHSM-14879 | DOC: PKI bundle, we need to document how to assign the PKI bundle to client | Closed 2015/04/20 | KM |
| LHSM-14875 | DOC: New slot description for G5Backup when configured through RBS | Verification 2015/04/02 | KM |
| LHSM-14856 | DOC: Valid characters for domain in lunash "partition create" should be documented in the user's guide (This is covered in the same NOTE in "partition create" that closed LHSM-14598.) |
Closed 2015/04/13 | KM |
| LHSM-14852 |
DOC: PKI bundle, we only support PED auth SA with PED G5
http://172.20.18.90/LunaSA/6.0/#lunash/commands/token/token_pki_update_login.htm |
Closed 2015/03/27 | KM |
| LHSM-14843 | DOC: PKI bundle, token pki update login need to be updated http://172.20.18.90/LunaSA/6.0/#lunash/commands/token/token_pki_update_login.htm |
Closed 2015/03/30 | KM |
| LHSM-14798 | DOC: PKI bundle, token pki deploy need to be updated http://172.20.18.90/LunaSA/6.0/#lunash/commands/token/token_pki_deploy.htm |
Closed 2015/03/23 | KM |
| LHSM-14775 | DOC: PKI bundle, we only support PED based G5, need to indicate it in the documentation. Added a note to two pages in the Luna SA docs: " NOTE: The PKI Bundle feature is supported with password-authenticated Luna SA or PED-authenticated Luna SA, but the connected Luna G5 HSM must be PED-authenticated. PKI bundling with password-authenticated Luna G5 is not supported. " |
Closed 2015/03/17 | KM |
| LHSM-14768 | DOC: update lunacm "hsm init" command to include all options - add BU example | Verification | KM |
| LHSM-14743 | Doc: incorrect syntax. my public-key add http://172.20.18.90/LunaSA/6.0/#sa_appliance_admin/client_connections/using_public-key_ |
Verification | KM |
| LHSM-14740 |
DOC - salogin missing remote ped information (-r)
|
Verification | KM |
| LHSM-14734 | Doc: syntax error in example for sysconf ssh show http://172.20.18.90/LunaSA/6.0/#sa_appliance_admin/client_connections/using_public-key_ |
Verification 2015/04/13 |
KM |
| LHSM-14633 | DOC: lunadiag page in docs is very outdated and missing commands | Closed 2015/04/29 | KM |
|
LHSM-14625
|
DOC: missing basic details of the port-bonding driver configuration The following section was added to the port_bonding.htm topic: ------------------------------ begin ---------------------------------- Technical Details Luna SA uses the Linux Ethernet Channel Bonding Driver (v3.4.0-2) configured for link aggregation control protocol. Specifically: - mode is active-backup - primary is eth0 - primary_reselect is failure - updelay is 2000 - miimon is 100 Additional details and descriptions of the above parameters can be reviewed in the document "Linux Ethernet Bonding Driver HOWTO" at https://www.kernel.org/doc/Documentation/networking/bonding.txt (If your browser blocks pop-ups and new windows, copy and paste the link to the address field.) ------------------------------ end ---------------------------------- |
Verification again 2015/03/06 | KM |
| LHSM-14624 | DOC: hsm update show is showing all the available Cap, not the un-applied cap as current states Fixed the command output at http://172.20.18.90/LunaSA/6.0/#lunash/commands/hsm/hsm_update_show.htm and added this note: Note: Formerly, when a capability had been applied, it no longer appeared in the list. |
Closed 2015/03/09 | KM |
| LHSM-14602 | DOC: hsm firmware show is missing from the lush command Added new page http://172.20.18.90/LunaSA/6.0/#lunash/commands/hsm/hsm_firmware_show.htm and updated page http://172.20.18.90/LunaSA/6.0/#lunash/commands/hsm/hsm_firmware.htm to include the "show" sub-command and a link to the new page. |
Verification | KM |
| LHSM-14600 | DOC: Firmware upgrade section is out of date (replaced the old example text with new text captured by Stella |
Closed | KM |
| LHSM-14599 | DOC: Luna JSP: Use a sensible default padding scheme for RSA ciphers | Closed 2015/03/24 | KM |
| LHSM-14598 | DOC: Valid characters for the password in lunash "partition create" should be documented in the user's guide | Closed 2015/04/13 | KM |
| LHSM-14575 | DOC: error code for audit logging failed attempt Replaced an incorrect instance of LUNA_RET_SO_LOGIN_FAILURE_THRESHOLD with LUNA_RET_AUDIT_LOGIN_FAILURE_THRESHOLD |
Closed | KM |
| LHSM-14570 | DOC: service list from lush are missing some newly added services | Closed 2015/03/06 | KM |
| LHSM-14567 | DOC: docs incorrectly say auto-activation is not supported for Luna PCI-E Deleted/amalgamated a couple of pages and rewrote http://172.20.18.90/LunaSA/6.0/#administration/partitions/about_activation_and_auto-activation_.htm with updates to reflect the various commands that can be used in different circumstances or with different firmware. The page: http://172.20.18.90/LunaSA/6.0/#administration/partitions/deactivate_a_partition.htm is retained and expanded. |
Closed 20115/04/01 | KM |
| LHSM-14560 |
DOC: G5 PKI Bundles 6.2.3 does not work on SA6 through remote PED (Changed/added some text snippets. related to LHSM-14534) |
Verification | KM |
| LHSM-14537 |
Doc : Ha sync command causes lunacm to crash in HA only mode This was not originally a doc issue. The doc requirement is due to a side effect, described in this note that was added to the "hagroup haonly" topic and the "slot list" topic. http://172.20.18.90/LunaSA/6.0/#lunacm/commands/hagroup/hagroup_haonly.htm |
Closed 2015/04/01 | SMon/KM |
| LHSM-14534 |
DOC: Connecting to PED G5 attached to PW SA (PKI bundle) (Changed/added some text snippets. related to LHSM-14560) |
Closed | KM |
| LHSM-14504 | DOC: Description of partition policies has gone missing from customer docs | QA 2015/03/05 | KM |
| LHSM-14467 | partition resize -size option must state units (This was not a DOC issue, but a UI issue that I raised. I already had the units shown in the command syntax page in the customer docs.) |
To AJ 2015/04/13 |
WR |
| LHSM-14395 | Luna SA 6.0: audit user can be deleted but admin, operator, monitor can't This was not a DOC issue, but it had a doc component. Added "audit audit enabled no " to the sample output of "user list" command in: http://172.20.18.90/LunaSA/6.0/#lunash/commands/user/user_list.htm |
Closed 2015/03/05 | (KM) |
| LHSM-14494 | DOC: remove password parameter typo / cut'n'paste error removed |
Verification | KM |
| LHSM-14408 | lunacm "hsm updateCap" command improperly says password required (Replaced the old Example text in the command syntax doc page hsm_updatecap.htm with tester's updated captured text.No separate DOC issue at this time (2015/03/09 ) |
(Was not a DOC issue, but changed something in docs) | JR/KM |
| LHSM-14382 | DOC: "hsm information monitor -interval" takes longer time than expected | Closed | KM |
| LHSM-14361 | DOC: need official statement of handling of SSH timeouts or lockouts in Luna SA appliance admin http://172.20.18.90/LunaSA/6.0/#administration/users/failed_logins_appliance.htm I created the page last year, but somebody in Discuss-HSM asked for the info again, and I created this issue to record its existence. Also Mark Y took an interest, so it's better to make it official... |
Sent to verification | KM |
| LHSM-14295 |
DOC: sysconf config factoryreset breaks ntls/stc service to not start
|
Sent to verification 2015/02/10 | KM |
| LHSM-14229 | DOC: summary of partition name restrictions is incorrect After e-mail thread with John Rose (2015/01/28), the text is changed to: A partition name, or a partition label, can have a length from 1 to 32 characters, and can include any of the following characters : !#$%'()*+,-./0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~ No spaces, unless you wish to surround the name or label in quotation marks every time it is used. |
Closed 2015/01/29 | KM |
| LHSM-14222 |
DOC: add "hsm zeroize" command and revise "hsm factoryreset" command
Tester wanted greater clarity around behaviour of the two commands against old f/w and 6.22.0 f/w. |
Sent back to verification 2015/02/05 | KM |
| LHSM-14216 |
Misleading msg on sysconf hwregencert for ntls keys in hardware
|
Sent to verification | KM for docs component |
| LHSM-14191 | Lush zeroize vs factoryreset should be more explicit (Replaced the previous text in hsm_factoryreset.htm and hsm_zeroize.htm with JR's captured text from his comment in the issue. See my comment in the Jira issue. No separate DOC issue at this time (2015/03/09) |
(Was not a DOC issue, but changed something in docs) | JR/KM |
| LHSM-14184 |
"hsm zeroize" warning is the same as "hsm factoryreset" warning on 6.22.0
Created a new section "Security Effects of Administrative Actions" and a page "Summary of Outcomes of Security-affecting Actions", containing the table from Wayne's table document (minus the final row and the comment saying to not include the final row...) |
(Was not a DOC issue, but was given a doc component) Closed 2015/03/26 |
WR/KM |
| LHSM-14164 |
ShowAdminTokens set to 0 still showing admin token
Tester was misled by cut-and-paste text in http://172.20.18.90/LunaSA/6.0/#administration/slot_numbering.htm |
Sent back to tester | KM |
| LHSM-14137 | DOC: Restore HSM backup remotely procedure needs to be reflected in 6.0 Did some cleanup requested by S. Li. |
Sent back to tester ... again ... 2015/02/11 | KM |
| LHSM-14126 | DOC: Luna SA 6.0: STC only service has LCD flashing OOS but stc clients are online and doing crypto ok | Closed 2015/03/26 |
JK |
| LHSM-14081 |
DOC: documentation is missing description of how authentication passwords are protected
fixed on http://172.20.18.90/LunaSA/6.0/#overview/security_features/hsm_general_authentication_model.htm |
closed | KM |
| LHSM-14074 |
Config file setting OneBaseSlotId= should be in [Presentation] section
The DOC component of this was to change from [Misc] to [Presentation] in |
Sent to ET for verification | KM |
| LHSM-14034 | DOC - Need a list of possible "HSM Status" values Created a new page in Administration Guide, and added a cross-reference to it at the bottom of the "slot list" page of Lunacm Command Reference Guide. Also updated the example capture in "slot list", which was showing firmware 4.5... |
Closed | KM |
| LHSM-13970 |
DOC: Lunacm "hsm information monitor" cmd missing from customer docs |
Closed | KM |
| LHSM-13914 | Separate RSAKeyGenMechRemap config element into unique elements for forwards and back mapping Re-visiting LHSM-13535 and //172.20.18.90/LunaSA/6.0/#sdk/mechanisms/fips-muchanism-remap.htm to split the table and discussion to account for new "RSAPre1863KeyGenMechRemap=" config-file setting |
In progress 2015/02/05 | KM |
| LHSM-13904 | DOC: Creating partitions with a label that already exists as another partition's name does not work On page http://172.20.18.90/LunaSA/6.0/#lunash/commands/partition/partition_create.htm added this note from Wayne R. : NOTE: If you create a partition with name "somename" and do not specify a label, the label by default is "somename". If later you attempt to create another partition, and specify a label of "somename" the operation fails with LUNA_RET_ATTRIBUTE_VALUE_INVALID because the first partition has that label |
Closed 2015/05/15 | KM |
| LHSM-13883 | DOC: lunadiag no longer has a fixed slot limit | Closed 2015/03/26 | KM |
| LHSM-13833 | LunaCM version must be identified in LunaCM (This was not a specifically DOC issue - though I raised it - but the examples/captures in the docs need to match the new LunaCM banner as implemented by Jonathan. I replaced all instances of "2.3.3" with "6.0.0" in the docs.) |
QA | KM |
| LHSM-13788 | DOC GUIDE - Firmware update on appliance needs to warn about partition resizing & possible need for object deletion fixed on http://172.20.18.90/LunaSA/6.0/#administration/sw_maint/about_updating_lunasa.htm http://172.20.18.90/LunaSA/6.0/#administration/partitions/partition_creation.htm |
Closed | KM |
| LHSM-13717 | LunaSA PED-Auth partition changepw -> "create new random challenge" is not a valid option for CO and CU The command has changed, so the text on http://172.20.18.90/LunaSA/6.0/#lunash/commands/partition/partition_changepw.htm is revised to show an example for the Partition SO and a reduced-option example for CO and CU. Also added a note: "NOTE: The option to "generate a new random challenge" is present for the Partition SO, only. Crypto Officer and Crypto User are allowed to change their challenge secrets to a string input via keyboard. If a new, random or default challenge is desired (generated by Luna PED), it is triggered by the SO using the "partition resetPw command. " |
Sent to ET for verification | KM |
| LHSM-13564 | DOC: Lunacm PPSO HA slot doesn't understand "role" commands, but equivalent par commands don't work | Not enough info Sent back to Dev |
was KM |
| LHSM-13539 | DOC Defect: firmware update command changed since Luna SA 5.4 | Opened in error - new (at the time) tester was confused between Lunash and LunaCM. Sent back to close. | was KM |
| LHSM-13535 |
DOC: CLONE - Changes to RSA Key Generation Mechanisms Create a new topic in the SDK > Mechanisms section, to account for the action of the new setting "RSAKeyGenMechRemap=" in the [Misc] section of the chrystoki.conf/crystoki.ini file, to address changes in which key-gen mechanisms are valid for FIPS. (FIPS 186-3/4)
|
closed (but see LHSM-13914 above) | KM |
| LHSM-13249 | After changing max bad user role logins from 10 to 3, bad login attempt warnings still start at 9, 8 etc. This was explained as a mismatch of cached data when a change was made in one open session, and not detected/updated in another open session. The change was in force, but the reporting had not caught up. A note was added to the LunaCM introductory pages, advising restarting LunaCM. |
Sent for verification. | KM |
| LHSM-13157 | DOC: (HTL CS Fix) Windows 2012 Luna Client Installation: Missing step in supplemental guide (provided screen-cap was added to the page) |
Verification | KM |
| LHSM-13109 | Doc on audit logging with remote host sample rsyslog.conf needs a bit of modify | Closed 2015/01/19 | KM |
| LHSM-13013 |
Luna PCI 5.5: PED Admin login does warn of remaining login attempts anymore Also, the role command and output are new for f/w 6.22.0 and PPSO. |
Sent for verification. | KM |
| LHSM-13002 |
Document procedure for applying an advanced config upgrade
|
Rejected | KM |
| LHSM-12973 |
DOC: "sysconf ssh publickey" sub-commands are deprecated from lush Commented in the issue that the commands were removed, not deprecated. Added this NOTE to the sysconf_ssh_publickey.htm page:
|
Sent to Eng-Test for verification | KM |
| LHSM-12875 | DOC: Luna SA SSH public key authentication requires 'my public-key' commands, not sysconf ssh public-key commands Updates were made on three topics to address this issue: overview/security_guidance/about_connection_security.htm sa_appliance_admin/client_connections/using_public-key_authentication.htm lunash/commands/sysconf/sysconf_ssh_publickey.htm |
Sent to peer review | KM |
| LHSM-12871 | DOC: Luna SA docs and Update Sheet missing statement about s/w downgrade This note is now in both documents: Note: Appliance software upgrade is a one-way operation. There is currently no way to downgrade the appliance software once a new version is applied. This contrasts with - LunaClient software, which can be replaced by any version, simply by uninstalling the current version and installing a desired version, and - Luna HSM firmware, which can be rolled back to the version that was installed before the currently-installed version (applies only to versions since firmware rollback was enabled). |
Sent to peer review | KM |
| LHSM-12669 |
DOC: Replace old ped-message graphics with refined versions |
Closed |
KM |
| LHSM-12651 | DOC: "Using the PED" (ped_general_info.htm) topic needs fixing Table added. Body text edited. The pre-existing table was made into two versions, conditioned for Luna SA, or for Luna G5 and Luna PCI-E. |
Closed | KM |
| LHSM-12634 |
DOC: add "how to switch off SFF Backup"
Added the following text to http://172.20.18.90/LunaSA/6.0/#administration/backup/sff/small_form_backup_about.htm If you have concerns about the physical security of your HSMs, and wish to ensure that sensitive application partition contents cannot be backed-up onto a very portable, concealable SFF token, then simply do not purchase or apply a Small Form-Factor capability update for that HSM. If the SFF Capability Update has been installed, and for any reason you wish to disable the ability to backup HSM content, or application partition objects, to a Small Form-Factor device, simply disable HSM Policy 38. On Luna SA, run command lunash:>hsm changepolicy -policy 38 -value 0 On Luna PCI-E or Luna G5, run command lunacm:>hsm changehsmpolicy -policy 38 -value 0 The change is HSM-wide and is destructive, meaning that HSM contents and partitions are lost. Re-initialization is required, and lost objects must be re-created or must be restored from a Luna Backup HSM or by synchronization in an HA group. |
Sent to verification 2015/02/03 |
KM |
| LHSM-12619 |
DOC: Add default retries and interval to HA-related docs
NOTE: added a snippet to the lunacm hagroup retry commands and the HA section of SDK |
Sent to verification 2015/02/11 | KM |
| LHSM-12603 | DOC: modify SRK doc pages to reflect both lunash and lunacm srk-related commands | Verification 2015/03/18 | KM |
| LHSM-12582 | http://172.20.18.90/LunaSA/6.0/#administration/sw_maint/advanced_configuration_upgrades.htm | Verification 2015/03/19 | KM |
| 11796 | DOC: Slot enumeration update needed, slot lists do shift Sentence removed from note in http://172.20.18.90/LunaSA/6.0/#administration/ha/ha_operational_notes.htm |
Verification 2015/03/19 | KM |
| LHSM-11726 |
DOC: change all references to HSO back to SO Early in the project, it was projected that we would call the owner of per-partition-SO partitions the Token Security Officer, or TSO. Since the term SO was in use all over, it was decided to call the HSM SO the HSO, to differentiate the two, where necessary. Later, after hundreds of instances were changed in the docs, it was decided to go with "Application Partition Security Officer" and "HSM Administrator / SO". After a couple of runs of Find and Replace, no further instances of "HSO" or "TSO" are reported. |
Sent to verification | KM |
| LHSM-11723 | DOC: remote-ped_qsg.htm page is aimed at Luna SA, not G5 or PCI-E NOTE: Added some illustrations for the other HSM types, and adjusted any examples of commands to suggest either the lunash command or the equivalent lunacm command. |
Sent to verification | KM |
| LHSM-11721 |
DOC: htl config instructions for UNIX not mentioned
Issue was raised by Kevin and fixed in the initial scope. |
Back to Joe on Feb 11. | both |
| LHSM-11705 | DOC: Luna HSM 5.4 instructions for starting an Audit user account are outdated http://172.20.18.90/LunaSA/6.0/index.html#lunacm/commands/role/role_setdomain.htm now has text and examples from Eddie's comments in LHSM-12867. and http://172.20.18.90/LunaSA/6.0/index.html#administration/audit/audit-logging_configuring_and_using.htm has been updated. Available for review after the next nightly docs build |
Sent to verification | KM |
| LHSM-11703 | DOC: incorrect mention of card-removal tamper and battery switch in Luna PCI-E docs Leftover text removed. |
Closed | KM |
| LHSM-11618 |
DOC: Update Luna HSM docs topic "user_accounts_and_privileges.htm" http://172.20.18.90/LunaSA/6.0/#overview/security_features/user_accounts_and_privileges.htm |
Verification 2015/04/01 | KM |
| LHSM-11593 | DOC: Luna HSM 5.4 docs, lunacm hagroup removemember has incorrect -password Removed a bunch of stuff likely copy-pasted from another command, updated the syntax description and table, and made two examples. |
Verification 2015/04/02 | KM |
| LHSM-11521 |
DOC: Presentation setting of ShowAdminSlots = no renders PCI/G5 unusable
The fix was to add the following command: Note: NO COMMANDS - LunaCM depends on the availability of HSM partitions, in order to be useful. If no application partition has been created, then only the HSM SO (administrative) partition is available, against which to run commands. If the Chrystoki.conf / Crystoki.ini configuration file [Presentation] setting "ShowAdminSlots=" is set to no, then the HSM administrative partition/slot is also unavailable, and LunaCM is not usable. If you know you have a working Luna PCI-E or Luna G5 HSM attached to your LunaClient computer and LunaCM shows no usable commands, then verify in your Chrystoki.conf or Crystoki.ini file that "ShowAdminTokens" is not set to "no". |
Sent to verification | KM |
| LHSM-11077 |
Role login for users with spaces only accepts double quotes
Quotation Marks It might happen that a command parameter consists of two or more parts, separated by spaces. This can be misconstrued by the command parser as two (or more) additional parameters. To ensure that a multi-part parameter is parsed as a single entity, enclose it in quotation marks " ". |
Closed | KM |
| LHSM-10680 |
Lush command "par show" displays different S/N after F/W upgraded to 6.22.0 (Update: this was later fixed, so existing serial numbers are preserved through upgrade, to avoid breaking HA. A page "Serial Number Handling" was added to the docs to explain the situation.) |
Closed | KM |
| LHSM-9883 | Lush Fail to Shut Down certmonitord Service Lunash Command Reference Guide pages: ntls_certificate_monitor_enable.htm and ntls_certificate_monitor_disable.htm now have additional examples showing Fail when certmonitord is already in the target state. http://172.20.18.90/LunaSA/6.0/#lunash/commands/ntls/ntls_certificate_monitor_enable.htm UPDATE: Wayne changed the reporting for the two commands again, removing the need to differentiate between the responses when certmonitord is, or is not, in target state when the command is run. He further removed "NTLS Server Cert Monitor started" or "NTLS Server Cert Monitor stopped" statements, respectively, so I updated the two pages again... again... |
Sent back to verification (S. Liao) | KM |
| LHSM-9704 | Documentation for changes in LunaClient config files | Sent to peer review | KM |
| LHSM-6864 |
DOC - 5.3 Client: all tools not work in the case of 32bits lib used on windows 64bits OS
(Added examples of tools/commands that would change the crystoki.ini file or the contents of the cert folders in the 64-bit Windows LunaClient install, that would need to be replicated to the customer's 32-bit area that they were using with 32-bit library for their 32-bit apps on 64-bit Windows. ) |
Sent to verification | KM |
| LHSM-5827 |
pedserver can't be started due to "LOGGER_init failed" A previous instance of pedserver.exe maintains a lock on logger, preventing start of a new pedserver session. Kill the old process before launching a new pedserver.exe at an Administrator command prompt. |
Sent to peer review | KM |