role init
Initializes (creates) the named role on the current partition / slot, if applicable.
Use the command role list to see which roles are possible on the current partition/slot.
The Auditor role can exist only on the HSM's administrative partition, and shares that partition with the HSM Security Officer or SO. The Auditor role cannot be initialized by another role. Therefore, if the HSM SO is currently logged in, the SO must log out before you run role init to create the Auditor.
When the Auditor role is created, it has no domain set. To allow Auditor to clone, you must log in as Auditor and run the command role setdomain. See role setdomain.
Syntax
role init -name <role> [-password <password>]
Argument(s) | Shortcut | Description |
---|---|---|
-name <role> | -n |
Name of role to be initialized. You can type the entire string, or use the shortcut shown in parentheses (not case-sensitive). Valid roles: Crypto Officer (CO). The PO initializes the CO. Crypto User (CU). The CO initializes the CU. Audit (AU). The SO initializes the AU. |
-password <password> | -p |
The initial password for role, valid for the initial login only. In LunaCM, passwords and challenge secrets must be 7-255 characters in length. The following characters are allowed:
Double quotation marks ( Spaces are allowed; to specify a password that includes spaces using the -password option, enclose the password in double quotation marks. NOTE The role must change the initial password using the command role changepw during the initial login session, or when they attempt a subsequent login. |
Example
Initializing the Crypto Officer role
lunacm:>role init -name co Please attend to the PED. Command Result : No Error
Initializing the Auditor role
lunacm:>role init -name au Please attend to the PED. Command Result : No Error