role changepw

Change the password for a specified role.

Syntax

role changePW -name <string> [-oldpw <string>] [-newpw <string>] [-prompt] [-force]

Parameter   Shortcut   Description

-name       -n         Role whose password is to be changed.

-oldpw      -old       Current password (for an application partition on a PW-authenticated HSM) or current challenge secret (for an application partition on a PED-authenticated HSM).

                       If you include the "-oldpw" option, the HSM assumes that you wish to change the challenge secret, which is the "secondary credential". This applies to Crypto Officer and Crypto User, which each have primary and secondary credentials, but not to Partition SO, which has only a primary credential.

                       If you omit the "-oldpw" option, the HSM assumes that you wish to change the "primary credential", or PED Key secret.

                       Required if you wish to change the secondary credential.

-newpw      -new       New password (for an application partition on a PW-authenticated HSM) or new challenge secret (for an application partition on a PED-authenticated HSM).

                       Required if you have already provided an "-oldpw".

-prompt     -p         Prompt for challenges (challenges are hidden by *).

-force      -f         Force the action. Use this option to bypass the warning about primary/secondary credentials on a PED-authenticated HSM, as shown in the example.

Examples

Change credential on the HSM's Admin partition

lunacm:> role changePW -name Administrator -prompt

        A role must be logged in to change password.

Error in execution: command cancelled.

Command Result : 0xb (User Cancelled Operation)

lunacm:> role login -name SO

        Please attend to the PED.

Command Result : No Error

lunacm:> role changePW -name SO -prompt

        Warning: this role has no secondary credentials.
                -prompt parameter will be ignored.

        Type 'proceed' to continue, or 'quit' to quit now -> proceed

        Please attend to the PED.

Command Result : No Error

Change Crypto Officer's secondary credential (challenge secret)

With prompting (no -force)
lunacm:> role changepw -oldpw PASSWORD -newpw userpin -name Crypto Officer 

        This role has secondary credentials.   
        You are about to change the secondary credentials. 
        Are you sure you wish to continue? 


        Type 'proceed' to continue, or 'quit' to quit now -> proceed


Command Result : No Error
 
Using the -force option
lunacm:> role changepw -oldpw PASSWORD -newpw userpin2 -name Crypto Officer -force 
 
Command Result : No Error

 

Change the Crypto Officer's primary credential (PED Key secret)

lunacm:> role changepw -name Crypto Officer

        This role has secondary credentials.
        You are about to change the primary credentials.
        Are you sure you wish to continue?

        Type 'proceed' to continue, or 'quit' to quit now -> proceed


Command Result : No Error

 

Attempt to change a role's credential when a different role is logged in

lunacm:> role changepw -name Crypto Officer -oldpw 6Ks5bTs3PxPMWqPP -newpw 5parEpuppy

        A role must be logged in to change password.

Error in execution: command cancelled.

Command Result : 0xb (User Cancelled Operation)

lunacm:> role login -name Crypto Officer

        enter password: ***************

        Please attend to the PED.

Error in execution: CKR_USER_ALREADY_LOGGED_IN.

Command Result : 0x100 (CKR_USER_ALREADY_LOGGED_IN)


lunacm:> role logout

Command Result : No Error

lunacm:> role login -name Crypto Officer

        enter password: ****************

Command Result : No Error

lunacm:> role changepw -name Crypto Officer -oldpw 6Ks5bTs3PxPMWqPP -newpw 5parEpuppy

        This role has secondary credentials.   
        You are about to change the secondary credentials. 
        Are you sure you wish to continue? 

        Type 'proceed' to continue, or 'quit' to quit now -> proceed

Command Result : No Error
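
The sessions above show secrets typed in clear after -oldpw and -newpw, so a saved transcript needs redacting before it is kept as a change record. The following is an added example, not part of the original reference page: it parses a captured lunacm session, redacts those values, pairs each role changepw command with its Command Result, and labels the credential using the -oldpw rule described for PED-authenticated HSMs. The function name, the record fields, the "unspecified" label for -prompt and the sample transcript are assumptions made for illustration.

```python
import re

PROMPT = re.compile(r"^lunacm:>\s*(.*)$")
RESULT = re.compile(r"^Command Result : (?:0x[0-9a-fA-F]+ \((.+)\)|No Error)\s*$")
# Assumption: secrets and option values contain no whitespace.
SECRET = re.compile(r"(\s-(?:oldpw|old|newpw|new)\s+)\S+", re.I)
NAME = re.compile(r"\s-n(?:ame)?\s+(.+?)(?=\s+-\w|\s*$)", re.I)

# Constructed transcript in the format of the sessions on this page.
SAMPLE = """\
lunacm:> role changepw -name Crypto Officer -oldpw OLDSECRET1 -newpw NEWSECRET1
        A role must be logged in to change password.
Command Result : 0xb (User Cancelled Operation)
lunacm:> role login -name Crypto Officer
Command Result : No Error
lunacm:> role changepw -oldpw OLDSECRET1 -newpw NEWSECRET1 -name Crypto Officer -force
Command Result : No Error
lunacm:> role changepw -name Crypto Officer
Command Result : No Error
"""

def audit(transcript):
    """Return one redacted record per 'role changepw' command."""
    records, current = [], None
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            cmd, current = m.group(1).strip(), None
            if re.match(r"role\s+changepw\b", cmd, re.I):
                name = NAME.search(cmd)
                if re.search(r"\s-old(?:pw)?\s", cmd, re.I):
                    cred = "secondary"    # -oldpw given: challenge secret
                elif re.search(r"\s-p(?:rompt)?(?:\s|$)", cmd, re.I):
                    cred = "unspecified"  # secrets were entered at a prompt
                else:
                    cred = "primary"      # no -oldpw: PED Key secret
                current = {"command": SECRET.sub(r"\1<redacted>", cmd),
                           "role": name.group(1) if name else None,
                           "credential": cred, "result": None}
                records.append(current)
            continue
        m = RESULT.match(line)
        if m and current is not None:
            current["result"] = m.group(1) or "No Error"
            current = None
    return records

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Role names are read up to the next option, so unquoted names such as Crypto Officer are kept whole.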