role changepw

Change the password, PED key secret, or activation challenge password for the currently logged-in role.

In LunaCM, passwords and activation challenge secrets must be 7-255 characters in length (NOTE: If you are using firmware version 7.0.x, 7.3.3, or 7.4.2, activation challenge secrets must be 7-16 characters in length). The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used within passwords.  

Spaces are allowed; to specify a password with spaces using the -password option, enclose the password in double quotation marks.

Syntax

role changepw -name <role> [-oldpw <oldpassword>] [-newpw <newpassword>] [-prompt] [-force]

Argument(s) Shortcut Description
-name <role> -n Role to change password for. This must be the currently logged-in role.
-oldpw <oldpassword> -old

Current password (for application partition on PW authenticated HSM) or current challenge secret (for application partition on PED authenticated HSM).

If you include option -oldpw the HSM assumes that you wish to change the challenge secret, which is the "secondary credential". This applies to Crypto Officer and Crypto User, which each have primary and secondary credentials, but not to Partition SO, which has only primary credential.

If you omit option -oldpw the HSM assumes that you wish to change the "primary credential" or PED key secret.

Required if you wish to change the secondary credential.

-newpw <newpassword> -new

New password (for application partition on PW authenticated HSM) or new challenge secret (for application partition on PED authenticated HSM).

Required if you have already provided an -oldpw.
-prompt -p Prompt for challenges (challenges will be hidden by *)
-force -f Force the action. Use this option to bypass the warning about primary/secondary credentials on a PED-authenticated HSM, as shown in the example.

Examples

Change credential on the HSM's Admin partition

lunacm:> role login -name SO

        Please attend to the PED.

Command Result : No Error




lunacm:> role changepw -name SO -prompt

        Warning: this role has no secondary credentials.
                -prompt parameter will be ignored.

        Type 'proceed' to continue, or 'quit' to quit now -> proceed

        Please attend to the PED.

Command Result : No Error

Change Crypto Officer's password

lunacm:> role changepw -name co -oldpw PASSWORD -newpw userpin

        Type 'proceed' to continue, or 'quit' to quit now -> proceed

Command Result : No Error

Change the Crypto Officer's primary credential (PED Key secret) 

lunacm:> role changepw -name co

        This role has secondary credentials.
        You are about to change the primary credentials.
        Are you sure you wish to continue?

        Type 'proceed' to continue, or 'quit' to quit now -> proceed


Command Result : No Error

Change Crypto Officer's secondary credential (challenge secret)

lunacm:> role changepw -name co -oldpw PASSWORD -newpw userpin

        This role has secondary credentials.   
        You are about to change the secondary credentials. 
        Are you sure you wish to continue? 


        Type 'proceed' to continue, or 'quit' to quit now -> proceed


Command Result : No Error