Change HSM Admin-modifiable elements from the HSM policy set. Use this command to set a policy on or off, or to set it to a certain value if it is a numerical policy. Only certain portions of the policy set are user-modifiable. These policies and their current values can be determined using the hsm showPolicies command. After a successful policy change, the command displays the new policy value.
Note: This command must be executed by the HSM Admin. If the HSM Admin is not authenticated, a “user not logged in” error message is returned.
If the policy is destructive, meaning that changing it zeroizes the HSM and erases all partitions, you are asked to type 'proceed' to continue or 'quit' to abort, unless -force is given.
```
hsm changePolicy -policy <hsm_policy_number> -value <hsm_policy_value> [-force]
```
Parameter | Shortcut | Description |
---|---|---|
-force | -f | Force the action without prompting. If this option is included for a destructive policy change, the policy is changed and the HSM zeroized without prompting the user for confirmation. |
-policy | -po | Specifies the policy code of the policy to alter. Policy descriptions and codes are obtained with the hsm showPolicies command. |
-value | -v | Specifies the value to assign to the specified policy. When specifying values for an on/off type policy, use '1' for on and '0' for off. |
```
lunash:> hsm changePolicy -policy 6 -value 0
CAUTION: Are you sure you wish to change the destructive policy named:
Allow masking
Changing this policy will result in erasing all partitions on the HSM (zeroization)!
Type 'proceed' to zeroize your HSM and change the policy, or 'quit' to quit now.
> quit
'hsm changePolicy' aborted.

lunash:> hsm changePolicy -policy 16 -value 0
'hsm changePolicy' successful.
Policy Allow network replication is now set to value: 0
```
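For change control, the following added example (not part of the product documentation or vendor code) parses a captured lunash session log and returns one record per `hsm changePolicy` call: the requested policy and value, whether `-force`/`-f` bypassed the confirmation prompt, whether the destructive-policy warning appeared, and the outcome. It assumes the log contains the prompt and messages exactly as shown above; the function name `audit`, the record fields and the `-f` session in the sample are constructed for illustration.

```python
import re

CMD = re.compile(r"^lunash:>\s*hsm\s+changePolicy\b(.*)$", re.I)
OPT = re.compile(r"(?<!\S)-(policy|po|value|v)\s+(\S+)", re.I)
FORCE = re.compile(r"(?<!\S)-(force|f)(?!\S)", re.I)
RESULT = re.compile(r"^'hsm changePolicy' (successful|aborted)\.$")
NEWVAL = re.compile(r"^Policy (.+) is now set to value:")

def audit(transcript):
    """Return one record per 'hsm changePolicy' invocation in a session log."""
    events, cur, want_name = [], None, False
    for line in map(str.strip, transcript.splitlines()):
        cmd, res, new = CMD.match(line), RESULT.match(line), NEWVAL.match(line)
        if cmd:
            args = cmd.group(1)
            cur = {"policy": None, "value": None, "force": bool(FORCE.search(args)),
                   "destructive": False, "name": None, "outcome": "unknown"}
            for key, val in OPT.findall(args):
                cur["policy" if key.lower().startswith("p") else "value"] = val
            events.append(cur)
            want_name = False
        elif line.startswith("lunash:>"):
            cur = None  # a different command: stop attributing output to changePolicy
        elif cur is None or not line:
            continue
        elif want_name:  # the line after the CAUTION banner is the policy name
            cur["name"], want_name = line, False
        elif line.startswith("CAUTION:") and "destructive policy" in line:
            cur["destructive"] = want_name = True
        elif res:
            cur["outcome"] = res.group(1)
        elif new:  # the confirmation line repeats the policy name
            cur["name"] = new.group(1)
    return events

# Constructed input: the aborted session shown on this page plus one invented -f call.
SAMPLE = """\
lunash:> hsm changePolicy -policy 6 -value 0
CAUTION: Are you sure you wish to change the destructive policy named:
Allow masking
Changing this policy will result in erasing all partitions on the HSM (zeroization)!
Type 'proceed' to zeroize your HSM and change the policy, or 'quit' to quit now.
> quit
'hsm changePolicy' aborted.
lunash:> hsm changePolicy -po 16 -v 1 -f
'hsm changePolicy' successful.
Policy Allow network replication is now set to value: 1
"""
```

Records with `force` set deserve the closest review: no warning is printed for them, so the log alone cannot show whether the policy was destructive, and the policy code should be checked against `hsm showPolicies`.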