role init

Initializes (creates) the named role on the current partition / slot, if applicable.

Use lunacm:> role list to see which roles are available on the current partition/slot.

The Auditor role can exist only on the Luna PCIe HSM's administrative partition, and shares that partition with the HSM Security Officer. The Auditor role cannot be initialized by another role. Therefore, if the HSM SO is currently logged in, the SO must log out before you run role init to create the Auditor.

When the Auditor role is created, it has no domain set. To allow Auditor to clone, you must log in as Auditor and run lunacm:> role setdomain.

Syntax

role init -name <role> [-password <password>]

Argument(s) Shortcut Description

Argument(s)	Shortcut	Description
-name <role>	-n	Name of role to be initialized. You can type the entire string, or use the shortcut shown in parentheses (not case-sensitive). Valid roles: Crypto Officer (CO). The PO initializes the CO. Limited Crypto Officer (LCO). The CO initializes the LCO. Crypto User (CU). The CO initializes the CU. Audit (AU).
-password <password>	-p	The initial password for role, valid for the initial login only. In LunaCM, passwords and activation challenge secrets must be 7-255 characters in length (NOTE: If you are using firmware version 7.0.x, 7.3.3, or 7.4.2, activation challenge secrets must be 7-16 characters in length). The following characters are allowed: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&()-_=+[]{}\\|/;:',.<>?`~ Double quotation marks (`"`) are problematic and should not be used within passwords. Spaces are allowed; to specify a password with spaces using the -password* option, enclose the password in double quotation marks. NOTE The role must change the initial password using the command role changepw during the initial login session, or when they attempt a subsequent login.

-name <role>

-n

Name of role to be initialized. You can type the entire string, or use the shortcut shown in parentheses (not case-sensitive).

Valid roles:

Crypto Officer (CO). The PO initializes the CO.

Limited Crypto Officer (LCO). The CO initializes the LCO.

Crypto User (CU). The CO initializes the CU.

Audit (AU).

-password <password>

-p

The initial password for role, valid for the initial login only.

In LunaCM, passwords and activation challenge secrets must be 7-255 characters in length (NOTE: If you are using firmware version 7.0.x, 7.3.3, or 7.4.2, activation challenge secrets must be 7-16 characters in length). The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used within passwords.

Spaces are allowed; to specify a password with spaces using the -password option, enclose the password in double quotation marks.

NOTE The role must change the initial password using the command role changepw during the initial login session, or when they attempt a subsequent login.

Example

Initializing the Crypto Officer role

lunacm:>role init -name co

        Please attend to the PED.

Command Result : No Error

Initializing the Auditor role

lunacm:>role init -name au

        Please attend to the PED.

Command Result : No Error