Name, Label, and Password Requirements
This page describes length and character requirements for setting
>Custom Appliance User Accounts
>HSM/Partition Role Passwords or Challenge Secrets
Custom Appliance User Accounts
LunaSH user names can be 1-32 characters in length, chosen from letters a-z, or A-Z, numbers 0-9, the dash, the dot, or the underscore:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._
No spaces are allowed. User names cannot begin with a dot, dash, or number. As with any secure system, no two users (regardless of role) can have the same name.
Custom Appliance Roles
LunaSH role names can be 1-64 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._
No spaces are allowed. Role names cannot start with a dot or dash. Creating a role name that begins with a number is not recommended. As with any secure system, no two roles can have the same name.
Appliance User Passwords
LunaSH passwords must be at least eight characters in length,
and include characters from at least three of the following four
groups:
> lowercase alphabetic: abcdefghijklmnopqrstuvwxyz
> uppercase alphabetic: ABCDEFGHIJKLMNOPQRSTUVWXYZ
> numeric: 0123456789
> special (spaces allowed): !@#$%^&*()-_=+[]{}\|/;:'",.<>?`~
HSM Labels
The HSM label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. Only alphanumeric characters and the underscore are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
Cloning Domains
On password-authenticated HSMs, the domain string must be 1-128 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*-_=+[]{}/:',.~
The following characters are problematic or invalid and must not be used in a domain string: "&;<>\`|()
Spaces are allowed, as long as the leading character is not a space; to specify a domain string that includes spaces using the -domain option, enclose the string in double quotation marks.
Partition Names
Partition names created in LunaSH must be 1-32 characters in length. The following characters are allowed:
abcdefghijklmnopqurstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^*()-_=+{}[]:,./?~
Spaces are allowed; enclose the partition name in double quotes if it includes spaces.
The following characters are not allowed: &\|;<>`'"?
No two partitions can have the same name.
Partition Labels
The partition label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>`~
Question marks (?
) and double quotation marks ("
) are not allowed.
Spaces are allowed; enclose the label in double quotation marks if it includes spaces.
HSM/Partition Role Passwords or Challenge Secrets
In LunaSH, the HSM SO password must be 7-255 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~
The following characters are invalid or problematic and must not be used in the HSM SO password: "&;<>\`|
Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.
In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~
Double quotation marks ("
) are problematic and should not be used in passwords.
Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.