partition changepw

Change the password for the named HSM Partition. This command sets a partition password or PED Key. For PED-authenticated HSMs, this command invokes the SafeNet PED to change the value on the black PED Key and on the named partition, and also lets you change the partition password (the challenge secret) that is supplied by the SafeNet PED and used by client applications. For password-authenticated HSMs, this command changes the partition password.

Note: The option to "generate a new random challenge" is present for the Partition SO only. Crypto Officer and Crypto User are allowed to change their challenge secrets to a string input via keyboard. If a new random or default challenge (generated by SafeNet PED) is desired, it is triggered by the SO using the partition resetPw command.

Partition Change Password when STC is in force  

To change a partition password of a legacy partition (a partition that does not have its own SO) when STC is in use, you have two options:

Use the command partition changepw in the lunacm utility on a registered LunaClient host.  

Use the partition changepw command in lunash, but ensure that the STC admin channel is enabled with hsm stc enable (to avoid an "Unknown ResultCode value" error). See "Establishing and Configuring the STC Admin Channel on a SafeNet Network HSM Appliance" in the Administration Guide for more information. If you prefer not to keep the STC admin channel enabled, for performance reasons, you can enable it before changing a legacy partition password in lunash, and then disable it with hsm stc disable immediately afterward.

Syntax

partition changePw -partition <partition_name> [-cu] [-newpw <new_partition_password>] [-oldpw <old_partition_password>]

| Option | Short | Parameter | Description |
|---|---|---|---|
| -cu | -c | . | Use this option if you have invoked the Crypto Officer / Crypto User role distinctions, and wish to change passwords as Crypto User. |
| -newpw | -n | <new password> | Specifies the new partition password. |
| -oldpw | -o | <old password> | Specifies the existing partition password, to be replaced by the new password. |
| -partition | -p | <partition name> | Specifies the partition name. HSM Partition names are obtained with the partition -list command. |

Example

Example if you provide -oldpw and -newpw at the command line:

lunash:> partition changePw -partition mypar1 -oldpw XxPJNH4bY439FNPE -newpw MyPa$$w0rd
 
Luna PED operation required to activate partition on HSM - use User or Partition Owner (black) PED Key.
'partition -changePw' successful.
 
Command Result : 0 (Success)

 

Example for Partition SO, if you do not provide -oldpw and -newpw at the command line:

lunash:> partition changePw -partition mylegacypar1
 
Which part of the partition password do you wish to change?
1. change partition owner (black) PED key data
2. generate new random password for partition owner
3. specify a new password for the partition owner
4. both options 1 and 2
0. abort command
Please select one of the above options: 3
 
> ****************
Please enter the password for the partition:
>********
 
Please enter a new password for the partition:
>********
 
Luna PED operation required to activate partition on HSM - use User or Partition Owner (black) PED Key

 

'partition -changePw' successful.
 
Command Result : 0 (Success)

 

Example for Partition Crypto Officer or Crypto User, if you do not provide -oldpw and -newpw at the command line:

lunash:> partition changePw -partition mypar1
 
Which part of the partition password do you wish to change?
1. change partition owner (black) PED key data
2. specify a new password for the partition owner
0. abort command
Please select one of the above options: 3
 
> ****************
Please enter the password for the partition:
>********
 
Please enter a new password for the partition:
>********
 
Luna PED operation required to activate partition on HSM - use User or Partition Owner (black) PED Key

 

'partition -changePw' successful.
 
Command Result : 0 (Success)
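
When -oldpw and -newpw are given on the command line, as in the first example above, both passwords appear in clear text in any captured copy of the session. The following is an added example, not part of the SafeNet documentation: it masks those arguments (long and short forms from the option table) in a saved lunash transcript and records the Command Result code for each command. The function names and the sample transcript are constructed for illustration.

```python
import re

# Options whose next argument is a secret: long and short forms from the
# option table (-newpw/-n, -oldpw/-o).
_SECRET_OPT = re.compile(r"(?i)(\s-(?:newpw|oldpw|n|o)\s+)(\S+)")
_PROMPT = re.compile(r"^\s*lunash:>\s*(.*)$")
_RESULT = re.compile(r"^\s*Command Result\s*:\s*(\d+)\s*\((.*)\)\s*$")


def redact_line(line):
    """Mask password arguments on a 'partition changePw' command line."""
    m = _PROMPT.match(line)
    if not m or not re.match(r"(?i)partition\s+changepw\b", m.group(1)):
        return line, False
    redacted, n = _SECRET_OPT.subn(r"\1<redacted>", line)
    return redacted, n > 0


def review_transcript(text):
    """Return (redacted_text, findings) for a captured lunash session."""
    out, findings, current = [], [], None
    for line in text.splitlines():
        safe, had_secret = redact_line(line)
        out.append(safe)
        prompt = _PROMPT.match(safe)
        result = _RESULT.match(line)
        if prompt:
            # One finding per command: redacted text, exposure flag, result.
            current = {"command": prompt.group(1),
                       "password_on_cmdline": had_secret, "result": None}
            findings.append(current)
        elif result and current is not None:
            current["result"] = int(result.group(1))
    return "\n".join(out), findings


# Constructed sample: the two command forms shown on this page, with made-up
# password values (partition names reused from the page's examples).
SAMPLE = """lunash:> partition changePw -partition mypar1 -oldpw OldExample1 -newpw NewExample2
'partition -changePw' successful.
Command Result : 0 (Success)
lunash:> partition changePw -partition mylegacypar1
Please select one of the above options: 3
Command Result : 0 (Success)
"""

if __name__ == "__main__":
    print(review_transcript(SAMPLE)[0])
```

A password that contains whitespace would be masked only up to its first space, so treat the output as a first pass and prefer the interactive prompts, which echo asterisks, when a session is being recorded.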