
Prepare to Create a Legacy Partition (Password Authenticated)

This section covers HSM Partition setup for Password Authentication. The activities in this section are required in three circumstances:

if you just prepared an HSM on the SafeNet appliance for the first time and must now create your first HSM Partition, or

if you have purchased a SafeNet appliance capable of supporting multiple HSM Partitions and you wish to create those additional partitions (this procedure creates one HSM Partition at a time, and you would need to repeat it once for each Partition, up to the number supported by your SafeNet HSM), or

if you have deleted an HSM Partition and wish to create a new one to replace it.

About HSM Partitions on the Initialized HSM

At this point, the SafeNet appliance should already:

have its network settings configured (see Configure Your Network Settings),

have its HSM SO assigned (see About Initializing a Password-Authenticated HSM).

Within the HSM, separate cryptographic workspaces must be initialized and designated for clients. A workspace, or Partition, and all its contents are protected by encryption derived (in part) from its authentication. Only a Client that presents the proper authentication is allowed to see the Partition and to work with its contents.

In this section, you will:

Create an HSM Partition

First, Establish a Connection to your SafeNet Appliance

If you do not already have a connection open, connect your administration computer to the serial Console port of the SafeNet appliance and open a Terminal session, or use ssh to connect via the network.

Then, Login as HSM Admin

To create HSM Partitions, you must log in to the SafeNet HSM as HSM Admin. At the lunash prompt, type:

lunash:> hsm login

Authenticate as HSM Admin by supplying the appropriate HSM Admin password when you are prompted — this is generally preferable to typing the password on the command line, because your response to the password prompt is hidden from view by “*” characters.

WARNING! If you fail three consecutive login attempts as HSM Admin, the HSM is zeroized and cannot be used; it must be re-initialized. Re-initializing zeroizes the HSM contents. Zeroizing destroys all key material. Please note that the SafeNet HSM must actually receive some information before it logs a failed attempt, so if you just press [Enter] without typing a password, that is not logged as a failed attempt. Also, when you successfully log in, the counter is reset to zero.
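The counter behaviour in the warning above matters most when the HSM Admin login is scripted. The following added example (not SafeNet code and not part of the original page) models the counter as the warning describes it, and contrasts a generic retry wrapper with an operator-side guard. All class and function names are hypothetical, and the guard assumes nobody else has failed a login in the meantime.

```python
# Added example: model of the failed-login counter in the warning above.
# All names are hypothetical; this is not SafeNet code or the lunash API.
ZEROIZE_AFTER = 3  # consecutive failed HSM Admin logins, per the warning


class HsmAdminLoginModel:
    def __init__(self, password):
        self._password = password
        self.failed = 0
        self.zeroized = False

    def login(self, supplied):
        if self.zeroized:
            return "zeroized"      # key material is gone; re-initialization needed
        if supplied == "":
            return "not-counted"   # bare [Enter]: the HSM received nothing to log
        if supplied == self._password:
            self.failed = 0        # a successful login resets the counter
            return "ok"
        self.failed += 1
        if self.failed >= ZEROIZE_AFTER:
            self.zeroized = True
            return "zeroized"
        return "failed"


def naive_retry_login(hsm, password, retries=3):
    """Anti-pattern: a generic retry wrapper re-sends the same stale password."""
    for _ in range(retries):
        if hsm.login(password) == "ok":
            return True
    return False


class LoginGuard:
    """Operator-side guard: counts the failures it has seen and refuses to
    send the attempt that could be the third consecutive failure."""

    def __init__(self, hsm):
        self.hsm = hsm
        self.seen_failures = 0

    def login(self, password):
        if self.seen_failures >= ZEROIZE_AFTER - 1:
            raise RuntimeError("refusing: next failure would zeroize the HSM")
        result = self.hsm.login(password)
        if result == "ok":
            self.seen_failures = 0
        elif result == "failed":
            self.seen_failures += 1
        return result
```

With a stale password, the retry wrapper zeroizes the modelled HSM in a single call, while the guard stops after two counted failures and leaves the decision to an operator.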

If you are not sure that you are currently logged in as HSM Admin, perform an ‘hsm logout’.

Next, see Create (Initialize) a Password Authenticated Legacy-style Application Partition.