|
Home > |
Configuration Guide > Creating an Application Partition (SO, Crypto Officer, and Domain) > Password-Authenticated Partition > Initialize the Partition SO and Crypto Officer Roles on a PW-Auth PPSO Partition
|
|---|
These instructions assume a Password-authenticated SafeNet HSM that has been initialized, and an application partition has been created, capable of having its own Security Officer (see previous steps by HSM SO HSM SO Configures Password-authenticated Partition with SO, Local to Client).
1.Set the active slot to the created, uninitialized, application partition.
Type slot set -slot <slot number>
lunacm:> slot set -slot 0
Current Slot Id: 0 (Luna User Slot 6.22.0 (Password) Signing With Cloning Mode)
Command Result : No Error
lunacm:>
2.Initialize the application partition, to create the partition's Security Officer (SO).
Type partition init -label <a label>
lunacm:> par init -label ppsopar
You are about to initialize the partition.
All partition objects will be destroyed.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Command Result : No Error lunacm:>
1.The SO of the application partition can now assign the first operational role within the new partition.
Type role login -name Partition SO
lunacm:> role login -name Partition SO Command Result : No Error lunacm:>
2.Type role init -name Crypto Officer
lunacm:> role init -name Crypto Officer
Command Result : No Error lunacm:>
3.The application partition SO can create the Crypto Officer, but only the Crypto Officer can create the Crypto User. Therefore, the SO must log out to allow the Crypto Officer to log in.
Type role logout
lunacm:> role logout Command Result : No Error lunacm:>
The next sequence of configuration actions is performed by the Crypto Officer, just created for the application partition. See Initialize the Crypto User Role on a PW-Auth PPSO Partition .