Home > |
Appliance Administration Guide > Configuration without One-step NTLS > [Step 9] Configure PPSO Application Partitions > Initialize the Crypto User Role on a PW-Auth PPSO Partition
|
---|
These instructions assume
•a Password-authenticated SafeNet HSM has been initialized,
•an application partition has been created,
•a Crypto Officer has been created for the partition, and
•the Crypto Officer password has been conveyed to the person responsible for the Crypto Officer role. See Initialize the Partition SO and Crypto Officer Roles on a PW-Auth PPSO Partition.
As Crypto Officer, you can do the following:
•Create a Crypto User (limited access user) for the application partition
•Create, delete, change and manipulate cryptographic objects on the application partition, either for your own use or for use by the Crypto User.
1.Set the active slot to the desired application partition, where the Crypto Officer was just created.
Type slot set -slot <slot number>
lunacm:> slot set -slot 0 Current Slot Id: 0 (Luna User Slot 6.22.0 (PW) Signing With Cloning Mode) Command Result : No Error lunacm:>
2.Log in as the Crypto Officer.
Type role login -name Crypto Officer
lunacm:> role login -name Crypto Officer -password $3cr3t
Command Result : No Error lunacm:>
3.Create the Crypto User.
Type role init -name Crypto User
lunacm:> role init -name Crypto User -password 0ther$ecret
Command Result : No Error lunacm:>
The Crypto User can now log in to use applications to perform cryptographic operations using keys and objects created in the partition by the Crypto Officer.