Home >

Appliance Administration Guide > Configuration without One-step NTLS > [Step 9] Configure PPSO Application Partitions > Initialize the Partition SO and Crypto Officer Roles on a PW-Auth PPSO Partition

Initialize the Partition SO and Crypto Officer Roles on a PW-Auth PPSO Partition

These instructions assume a Password-authenticated SafeNet HSM that has been initialized, and an application partition has been created, capable of having its own Security Officer.

Step 1: Initialize the Partition SO role

This step is perfomed by the root user on the SafeNet HSM client workstation. If you are using STC to provide the client-partition link, do not perform this procedure, since you already initialized the partition when configuring the STC link. See Creating an STC Link Between a Client and a Partition for more information.

1.Set the active slot to the created, uninitialized, application partition.
Type slot set -slot <slot number>

lunacm:> slot set -slot 0

        Current Slot Id:    0     (Luna User Slot 6.22.0 (Password) Signing With Cloning Mode)


Command Result : No Error

lunacm:> 

 

2.Initialize the application partition, to create the partition's Security Officer (SO).
Type partition init -label <a label>  

lunacm:> par init -label ppsopar

        You are about to initialize the partition.
        All partition objects will be destroyed.


        Are you sure you wish to continue?

        Type 'proceed' to continue, or 'quit' to quit now -> proceed

 


Command Result : No Error

lunacm:>

 

Step 2: Initialize the Crypto Officer role

1.The SO of the application partition can now assign the first operational role within the new partition.
Type role login -name Partition SO  

lunacm:> role login -name Partition SO  


Command Result : No Error

lunacm:>

 

2.Type role init -name Crypto Officer   

lunacm:> role init -name Crypto Officer

 


Command Result : No Error

lunacm:> 

 

3.The application partition SO can create the Crypto Officer, but only the Crypto Officer can create the Crypto User. Therefore, the SO must log out to allow the Crypto Officer to log in.
Type role logout  

 

lunacm:> role logout

Command Result : No Error

lunacm:> 

 

The next sequence of configuration actions is performed by the Crypto Officer, just created for the application partition. See Initialize the Crypto User Role on a PW-Auth PPSO Partition .