role init

Initializes (creates) the named role on the current partition / slot, if applicable.

Use the command role list to see which roles are possible on the current partition/slot.

The Auditor role can exist only on the HSM's administrative partition, and shares that partition with the HSM Security Officer (SO). The Auditor role cannot be initialized by another role. Therefore, if the HSM SO is currently logged in, the SO must log out before you run role init to create the Auditor.

When the Auditor role is created, it has no domain set. To allow Auditor to clone, you must log in as Auditor and run the command role setdomain. See role setdomain.

Syntax

role init -name <role> [-password <password>]

Argument(s) Shortcut Description
-name <role> -n

Name of role to be initialized. You can type the entire string, or use the shortcut shown in parentheses (not case-sensitive).

Valid roles:

Crypto Officer (CO). The PO initializes the CO.

Crypto User (CU). The CO initializes the CU.

Audit (AU). The SO initializes the AU.

-password <password> -p

The initial password for the role, valid for the initial login only.

In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used in passwords.

Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks.

NOTE   The role must change the initial password using the command role changepw during the initial login session, or when they attempt a subsequent login.
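
A pre-flight check for the password rules above, useful before a provisioning script passes a value to -password. This is an added example, not LunaCM or vendor code; the function names are hypothetical and the sample passwords are constructed.

```python
import string

# Allowed set copied from the character list above: letters, digits, space and
# the listed punctuation. The double quotation mark is deliberately absent.
ALLOWED = set(string.ascii_letters + string.digits
              + " !@#$%^&*()-_=+[]{}\\|/;:',.<>?`~")
MIN_LEN, MAX_LEN = 7, 255


def check_lunacm_password(pw):
    """Return a list of rule violations; an empty list means pw conforms."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(f"length {len(pw)} outside {MIN_LEN}-{MAX_LEN}")
    if '"' in pw:
        problems.append("contains a double quotation mark")
    # Anything else outside the allowed set (tabs, non-ASCII letters, ...).
    bad = sorted({c for c in pw if c not in ALLOWED and c != '"'})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def password_argument(pw):
    """Render pw as typed after -password: quoted only when it has spaces."""
    problems = check_lunacm_password(pw)
    if problems:
        raise ValueError("; ".join(problems))
    return f'"{pw}"' if " " in pw else pw


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for candidate in ["Abc 123!x", "NoSpaces#2024", "short1", 'pa"ssw0rd1']:
        issues = check_lunacm_password(candidate)
        print(repr(candidate), "->", issues or "OK")
```
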

Example

Initializing the Crypto Officer role

lunacm:>role init -name co

        Please attend to the PED.

Command Result : No Error

Initializing the Auditor role

lunacm:>role init -name au

        Please attend to the PED.

Command Result : No Error