Name, Label, and Password Requirements

This page describes length and character requirements for setting names, labels, domains, passwords, and challenge secrets on the SafeNet Luna Network HSM. This information can also be found in relevant sections throughout the documentation. Refer to the applicable section below:

>Custom Appliance User Accounts

>Custom Appliance Roles

>Appliance User Passwords

>HSM Labels

>Cloning Domains

>Partition Names

>Partition Labels

>HSM/Partition Role Passwords or Challenge Secrets

Custom Appliance User Accounts

LunaSH user names can be 1-32 characters in length, chosen from letters a-z, or A-Z, numbers 0-9, the dash, the dot, or the underscore:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._

No spaces are allowed. User names cannot begin with a dot, dash, or number. As with any secure system, no two users (regardless of role) can have the same name.

Custom Appliance Roles

LunaSH role names can be 1-64 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._

No spaces are allowed. Role names cannot start with a dot or dash. Creating a role name that begins with a number is not recommended. As with any secure system, no two roles can have the same name.

Appliance User Passwords

LunaSH passwords must be at least eight characters in length, and include characters from at least three of the following four groups:

>  lowercase alphabetic: abcdefghijklmnopqrstuvwxyz

>  uppercase alphabetic: ABCDEFGHIJKLMNOPQRSTUVWXYZ

>  numeric: 0123456789

>  special (spaces allowed):  !@#$%^&*()-_=+[]{}\|/;:'",.<>?`~

HSM Labels

The HSM label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. Only alphanumeric characters and the underscore are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_

Cloning Domains

On password-authenticated HSMs, the domain string must be 1-128 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*-_=+[]{}/:',.~

The following characters are problematic or invalid and must not be used in a domain string: "&;<>\`|()

Spaces are allowed, as long as the leading character is not a space; to specify a domain string that includes spaces using the -domain option, enclose the string in double quotation marks.

Partition Names

Partition names created in LunaSH must be 1-32 characters in length. The following characters are allowed:

abcdefghijklmnopqurstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^*()-_=+{}[]:,./?~

Spaces are allowed; enclose the partition name in double quotes if it includes spaces.

The following characters are not allowed: &\|;<>`'"?

No two partitions can have the same name.

Partition Labels

The partition label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>`~

Question marks (?) and double quotation marks (") are not allowed.

Spaces are allowed; enclose the label in double quotation marks if it includes spaces.

HSM/Partition Role Passwords or Challenge Secrets

In LunaSH, the HSM SO password must be 7-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~

The following characters are invalid or problematic and must not be used in the HSM SO password: "&;<>\`|

Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.

In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used in passwords.

Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.