sysconf forcesologin

Access commands that allow you to enable or disable SO login enforcement, or display the current SO login enforcement setting.

When SO login enforcement is enabled, access to some LunaSH commands is restricted to the HSM SO. See sysconf forcesologin enable for a list of the affected commands.

Syntax

sysconf forcesologin

disable
enable
show

| Argument(s) | Shortcut | Description |
|---|---|---|
| disable | d | Disable SO login enforcement. See sysconf forcesologin disable (*). |
| enable | e | Enable SO login enforcement. See sysconf forcesologin enable (**). |
| show | s | Display the current SO login enforcement setting. See sysconf forcesologin show. |

(* On successful hsm factoryreset or sysconf config factoryreset (option "all") the SafeNet Luna Network HSM Administrator Login Enforcement feature is reset to "disabled".)

(** If the HSM is not initialized, then the SafeNet Luna Network HSM SO Login Enforcement feature cannot be enabled or disabled.)

Most SafeNet Luna Network HSM LunaSH commands, except time- and partition-specific ones, do not require the HSM Security Officer (also known as HSM Administrator) to be logged in. The SafeNet Luna Network HSM SO Login Enforcement option functions as follows:

- Only the SO can enable SafeNet Luna Network HSM SO Login Enforcement.
- When enabled, the feature verifies that HSM SO is logged in before authorizing the operations described below.
- Only HSM Administrator can disable SafeNet Luna Network HSM SO Login Enforcement.

Affected commands

The affected commands include all commands that can have an effect on the HSM, its partitions, or application access to the partitions. (Items that are solely appliance-level features generally are not affected.)

client

- client assignpartition
- client revokepartition
- client register
- client delete
- client hostip map
- client hostip unmap

ntls

- ntls bind
- ntls information reset
- ntls certificate monitor enable
- ntls certificate monitor disable
- ntls certificate monitor trap trigger
- ntls tcp_keepalive set
- ntls timer set
- ntls threads set
- ntls ipcheck enable
- ntls ipcheck disable

sysconf

- sysconf regencert
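Before enabling enforcement, it helps to know which existing admin runbooks issue an affected command without an SO session open. The following Python check is an added example, not part of the product or its documentation: it walks a runbook line by line, tracks SO login state, and reports affected commands from the list above that are issued while logged out. It assumes `hsm login` and `hsm logout` open and close the SO session and that pasted lines may carry a `lunash:>` prompt; the runbook text, client name, host name and partition name are constructed.

```python
# Affected command prefixes, copied from the "Affected commands" list on this page.
AFFECTED = [
    "client assignpartition", "client revokepartition", "client register",
    "client delete", "client hostip map", "client hostip unmap", "ntls bind",
    "ntls information reset", "ntls certificate monitor enable",
    "ntls certificate monitor disable", "ntls certificate monitor trap trigger",
    "ntls tcp_keepalive set", "ntls timer set", "ntls threads set",
    "ntls ipcheck enable", "ntls ipcheck disable", "sysconf regencert",
]
AFFECTED_TOKENS = [tuple(p.split()) for p in AFFECTED]

# Assumption: "hsm login" / "hsm logout" open and close the HSM SO session.
LOGIN, LOGOUT = ("hsm", "login"), ("hsm", "logout")
PROMPT = "lunash:>"  # assumption: prompt text that may prefix pasted lines

def tokens(line):
    """Drop '#' comments and an optional prompt; return the command as a token tuple."""
    line = line.split("#", 1)[0].strip()
    if line.startswith(PROMPT):
        line = line[len(PROMPT):]
    return tuple(line.split())

def audit(runbook):
    """Return (line_no, command) for affected commands issued with no SO login active.

    Only full command words are matched; abbreviated (shortcut) forms are not expanded.
    """
    so_logged_in = False
    findings = []
    for no, raw in enumerate(runbook.splitlines(), 1):
        tok = tokens(raw)
        if not tok:
            continue
        if tok[:2] == LOGIN:
            so_logged_in = True
        elif tok[:2] == LOGOUT:
            so_logged_in = False
        elif not so_logged_in and any(tok[:len(p)] == p for p in AFFECTED_TOKENS):
            findings.append((no, " ".join(tok)))
    return findings

# Constructed runbook for illustration; not captured from a real appliance.
SAMPLE = """\
lunash:> client register -client app01 -hostname app01.example.test
lunash:> ntls show
lunash:> hsm login
lunash:> client assignpartition -client app01 -partition part1
lunash:> hsm logout
lunash:> ntls bind eth0
lunash:> sysconf regencert
"""
```

Calling `audit(SAMPLE)` reports lines 1, 6 and 7: each is an affected command run outside the login/logout window, so it would be refused once enforcement is enabled.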