|
Home > |
|---|
Change HSM Admin-modifiable elements from the HSM policy set. Use this command to set a policy on or off, or to set it to a certain value if it is a numerical policy. Only certain portions of the policy set are user-modifiable. These policies and their current values can be determined using the hsm showPolicies command. After a successful policy change, with hsm changepolicy, then hsm showpolicies displays the new policy value.
Note: This command must be executed by the HSM Admin. If the HSM Admin is not authenticated, a “user not logged in” error message is returned.
If the policy is destructive, the you are given the choice to proceed or quit. This means that you cannot inadvertently destroy the contents of your HSM - you must acknowledge that you know that will happen before you proceed. Once a policy is changed, the program reports back the new value of the policy.
hsm changePolicy -policy <hsm_policy_number> -value <hsm_policy_value> [-force]
|
Parameter |
Shortcut |
Description |
|---|---|---|
| -force | -f | Force the action without prompting. If this option is included in the list for a destructive policy change, the policy will be changed without prompting the user for a confirmation of zeroizing the HSM. |
| -policy | -po | Specifies the policy code of the policy to alter. Policy descriptions and codes are obtained with the hsm showpolicies command. |
| -value | -v | Specifies the value to assign to the specified policy. When specifying values for a on/off type policy, use '1' for on and '0' for off. |
lunash:> hsm changePolicy -policy 6 -value 0
CAUTION: Are you sure you wish to change the destructive policy named:
Allow masking
Changing this policy will result in erasing all partitions on the HSM (zeroization)!
Type 'proceed' to zeroize your HSM and change the policy, or 'quit' to quit now.
> quit
'hsm changePolicy' aborted.
lunash:> hsm changePolicy -policy 16 -value 0
'hsm changePolicy' successful.
Policy Allow network replication is now set to value: 0