Changing a Partition Role Credential

From time to time, you may need to change the credential for a role. The credential might have been compromised, or your organization's security policy may mandate password changes after a specific time interval. The following procedure allows you to change the credential for a partition role (Partition SO, Crypto Officer, Crypto User). You must first log in using the role's current credential.

To change a partition role credential

1. In LunaCM, log in using the role's current credential (see Logging In to the Application Partition).

lunacm:> role login -name <role>

2. Change the credential for the logged-in role. If you are using a password-authenticated partition, specify a new password. If you are using a PED-authenticated partition, ensure that you have a blank or rewritable PED key available. Refer to Creating PED Keys for details on creating PED keys.

In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~
Double quotation marks (") are problematic and should not be used in passwords.
Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.

lunacm:> role changepw -name <role>

3. To change the CO or CU challenge secret for an activated PED-authenticated partition, specify the -oldpw and/or -newpw options.

lunacm:> role changepw -name <role> -oldpw <oldpassword> -newpw <newpassword>
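A pre-flight check for the password rules stated in step 2, useful when credential rotation is scripted and a rejected value should be caught before it reaches LunaCM. This is an added example, not part of the product documentation or tooling; the function names are hypothetical and the sample values are constructed.

```python
import string

# Allowed set copied from the character list in step 2 (the space is included).
ALLOWED = set(string.ascii_letters + string.digits + " "
              + "!@#$%^&*()-_=+[]{}\\|/;:',.<>?`~")
MIN_LEN, MAX_LEN = 7, 255


def check_lunacm_password(candidate: str) -> list[str]:
    """Return the list of rule violations; an empty list means the value passes."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append(f"length {len(candidate)} is outside {MIN_LEN}-{MAX_LEN}")
    if '"' in candidate:
        problems.append("contains a double quotation mark")
    # Collect every other disallowed character once, in order of first appearance.
    bad = []
    for ch in candidate:
        if ch not in ALLOWED and ch != '"' and ch not in bad:
            bad.append(ch)
    if bad:
        problems.append("disallowed characters: "
                        + " ".join(f"U+{ord(c):04X}" for c in bad))
    return problems


def needs_quoting(candidate: str) -> bool:
    """True when the value contains a space and so must be enclosed in
    double quotation marks when given on the command line."""
    return " " in candidate


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    samples = ["Sh0rt!", "correct horse battery", 'has"quote1',
               "p\u00e4ssword123", "Valid-Pass_2024"]
    for sample in samples:
        issues = check_lunacm_password(sample)
        status = "OK" if not issues else "; ".join(issues)
        quoting = " (enclose in double quotes)" if needs_quoting(sample) else ""
        print(f"{sample!r}: {status}{quoting}")
```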