role createchallenge

Create a challenge secret for the Crypto Officer (CO) or Crypto User (CU) role on the current partition (slot). This command applies to PED-authenticated partitions only.

The challenge secret is a text string (password) that provides an additional level of authentication for PED-authenticated partitions. If you create a challenge secret for a role, the role authenticates to the partition as follows:

> If the role is not activated on the partition, the role must provide both the PED key and challenge secret to gain access to the partition.

> If the role is activated on the partition, the role is able to access the partition using the challenge secret only.

See Activation and Auto-Activation on PED-Authenticated Partitions in the Administration Guide for more information.

You must be logged in as the Partition SO to create a challenge for the Crypto Officer. You must be logged in as the Crypto Officer to create a challenge for the Crypto User. The target role must already exist. See role init.

Syntax

role createchallenge -name <role> [-challengesecret <string>]

Option              Shortcut    Description
-name <role>        -n          Name of role for which the challenge is to be created
-challengesecret    -c          The challenge secret (password) you wish to create for this role. If this option is not included, you will be prompted to enter a challenge secret, masked by asterisks (*).

Example

lunacm:> role createchallenge -name co
 
        Please attend to the PED.
 
        enter new challenge secret: ********
 
        re-enter new challenge secret: ********
 
Command Result : No Error