partition changepw

Change Partition User password. Use this command to change the password that authenticates the Crypto Officer or Crypto User and/or the client to the application partition. You, as User (or Crypto Officer), need to know the current password in order to change it.

Contrast this command with the partition resetpw command, used by the SO, where the SO does not need to know the current partition User/Crypto Officer password in order to reset it.

Password authentication

For a password-authenticated SafeNet HSM, the partition password needed by the administrator (Partition Owner/User) is also the challenge secret needed by the client.

PED authentication

For a PED-authenticated SafeNet HSM, the data on the black PED Key is the administrative authentication (used by the Partition Owner/User or Crypto Officer to log in or to activate the partition), and the challenge secret is a separate text secret used by the client before performing cryptographic operations.

If you run the partition changepw command without additional arguments, the HSM offers to change only the black PED Key secret.

To change the challenge secret, you must run the command with the -newpw and -oldpw options, or use the -p option instead, which tells the HSM to prompt for the old and new challenge secrets.

Syntax

partition changepw [-newpw <new_user_password> -oldpw <old_user_password>] [-prompt]

Parameter Shortcut Description
-newpw -n The new password for the partition User.
-oldpw -o The old partition User password that is being replaced.
-prompt -p The system prompts for old and new passwords (for password-authenticated HSM) or challenge secrets (for PED-authenticated HSM) and obscures your typing with asterisks, so an unauthorized person cannot see the passwords onscreen, and the scroll-back log of your terminal would not show what you had typed.

Example

Password-authenticated HSM partition, with the passwords typed visibly at the command line.
lunacm:> partition changePw -newpw <new_user_password> -oldpw <old_user_password>
 
Command Result : No Error

PED-authenticated HSM partition with the challenge typed visibly at the command line.
lunacm:> partition changePw -newpw <new_user_password> -oldpw <old_user_password>
 
User is not activated, please attend to the PED.
 
Command Result : No Error

 

Password-authenticated HSM partition, with the passwords prompted by the HSM and obscured by asterisks.
lunacm:> partition changepw -p
 
Option -oldpw was not supplied. It is required.
Enter the old password: ***********
Option -newpw was not supplied. It is required.
Enter the new password: ***********
Re-enter the new password: ***********
 
Command Result : No Error

PED-authenticated HSM partition with the passwords prompted by the HSM and obscured by asterisks.
lunacm:> partition changePw -p
 
Option -oldpw was not supplied. It is required.
Enter the old challenge: ***********
Option -newpw was not supplied. It is required.
Enter the new challenge: ***********
Re-enter the new password: ***********
User is not activated, please attend to the PED.
 
Command Result : No Error

 

Changing the black key secret on a PED-authenticated HSM partition without changing the challenge secret.
lunacm:> partition changePw
 
User is not activated, please attend to the PED.
 
Command Result : No Error
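
An added audit helper, not part of the vendor's documentation: it scans a captured terminal transcript for partition changepw invocations that carried -newpw/-oldpw (or -n/-o) values inline and masks them, which is the exposure the -prompt option avoids. The transcript format (the lunacm:> prompt), whitespace-free secret values, and the function names are assumptions; the sample session is constructed.

```python
import re

# The command after the lunacm:> prompt; the page shows both changepw and changePw.
CMD = re.compile(r"lunacm:>\s*partition\s+changepw\b(?P<args>.*)", re.IGNORECASE)
# Secret-bearing options and shortcuts from the parameter table, followed by a
# value that is not itself another option of this command.
OPT = re.compile(
    r"(?<!\S)(-(?:newpw|oldpw|n|o))\s+"
    r"(?!-(?:newpw|oldpw|prompt|n|o|p)(?:\s|$))(\S+)",
    re.IGNORECASE,
)

def redact_line(line):
    """Return (line with inline secrets masked, list of options that exposed one)."""
    m = CMD.search(line)
    if not m:
        return line, []
    exposed = []
    def mask(opt):
        exposed.append(opt.group(1).lower())
        return opt.group(1) + " [REDACTED]"
    args = OPT.sub(mask, m.group("args"))
    return line[:m.start("args")] + args, exposed

def audit(transcript):
    """Return ([(line_number, exposed_options)], redacted_transcript)."""
    findings, out = [], []
    for number, line in enumerate(transcript.splitlines(), 1):
        redacted, exposed = redact_line(line)
        out.append(redacted)
        if exposed:
            findings.append((number, exposed))
    return findings, "\n".join(out)

# Constructed sample session (assumed log format; values are made up).
SAMPLE = """\
lunacm:> partition changePw -newpw Constructed-New1 -oldpw Constructed-Old1
Command Result : No Error
lunacm:> partition changepw -p
Enter the old password: ***********
lunacm:> partition changepw -o Constructed-Old2 -n Constructed-New2
lunacm:> partition changePw
"""

if __name__ == "__main__":
    findings, redacted = audit(SAMPLE)
    for number, options in findings:
        print(f"line {number}: secret typed inline via {', '.join(options)}")
    print(redacted)
```

Any password or challenge secret the audit flags was visible in the log and should be changed again using the -prompt form.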