Changing the HSM SO Credential
From time to time, you may need to change the HSM Security Officer's credential. The credential might have been compromised, or your organization's security policy may mandate account credential changes after a specific time interval. The HSM SO can change their own credential at any time.
There is no way to reset the HSM SO credential except to re-initialize
the HSM, zeroizing the contents of the HSM and its application partition
To change the HSM SO credential
1.Connect to the appliance via SSH or a serial connection, and log in to LunaSH as admin or a custom user with an admin role (see Logging In to LunaSH).
2.Log in as HSM SO (see Logging In as HSM Security Officer).
3.Change the HSM SO credential.
lunash:> hsm changepw
You are prompted for the current HSM SO credential, and then to create a new one.
In LunaSH, the HSM SO password must be 7-255 characters in length. The following characters are allowed:abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~
The following characters are invalid or problematic and must not be used in the HSM SO password: "&;<>\`|
Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.