Home >

Appliance Administration Guide > Configuration without One-step NTLS > [Step 4] Set the HSM Policies

[Step 4] Set the HSM Policies

SafeNet HSMs are built on one of our general-purpose HSM platforms (hardware plus firmware), and then are loaded with what we call "personality", to make them into specific types of HSM with specific abilities and constraints, to suit different markets and applications.

The built-in attributes are called "Capabilities" and describe what the HSM can do as it comes to you from the factory.

Some capabilities are unalterable, except by re-manufacturing the HSM.  

Many HSM capabilities can be altered by means of HSM Policies, which coincide one-for-one with the capabilities that they alter.

You can view the current HSM capabilities and policies with the hsm showpolicies command:

You can change a current HSM policy in LunaSH with the hsm changepolicy command.

This section describes how to modify HSM Policies, and suggests some examples of changes best made before the HSM is further configured for use in your environment. Refer to the instructions for your HSM authentication type:

Set HSM Policies (Password Authentication)

Set HSM Policies - PED (Trusted Path) Authentication