Changing a Role Credential

From time to time, you may need to change the credential for a role. The credential might have been compromised, or your organization's security policy may mandate password changes after a specific time interval. The following procedure allows you to change the credential for a role (HSM SO, Auditor, Partition SO, Crypto Officer, Crypto User). You must first log in using the role's current credential.

To change a role credential

1. In LunaCM, log in using the role's current credential (see Logging In to the Application Partition).

2. Change the credential for the logged-in role (role changepw). If you are using a password-authenticated partition, specify a new password. If you are using a PED-authenticated partition, ensure that you have a blank or rewritable PED key available. Refer to Creating PED Keys for details on creating PED keys.

lunacm:> role changepw -name <role>

lunacm:> role changepw -name co
 
 
        enter existing password: ********
 
        enter new password: ********
 
        re-enter new password: ********
 
 
Command Result : No Error

3. To change the CO or CU challenge secret for an Activated PED-authenticated partition, specify the -oldpw and/or -newpw options (role changepw).

lunacm:> role changepw -name <role> -oldpw <oldpassword> -newpw <newpassword>

lunacm:> role changepw -name co -oldpw PASSWORD -newpw userpin

        This role has secondary credentials.   
        You are about to change the secondary credentials. 
        Are you sure you wish to continue? 


        Type 'proceed' to continue, or 'quit' to quit now -> proceed


Command Result : No Error