Name, Label, and Password Requirements
This page describes length and character requirements for setting
>Custom Appliance User Accounts
>HSM/Partition Role Passwords or Challenge Secrets
Custom Appliance User Accounts
LunaSH user names can be 1-32 characters in length, chosen from letters a-z, or A-Z, numbers 0-9, the dash, the dot, or the underscore:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._
No spaces are allowed. User names cannot begin with a dot, dash, or number. As with any secure system, no two users (regardless of role) can have the same name.
Custom Appliance Roles
LunaSH role names can be 1-255 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
No spaces are allowed. Creating a role name that begins with a number is not recommended. As with any secure system, no two roles can have the same name.
Appliance User Passwords
LunaSH passwords must be at least eight characters in length,
and include characters from at least three of the following four
groups:
> lowercase alphabetic: abcdefghijklmnopqrstuvwxyz
> uppercase alphabetic: ABCDEFGHIJKLMNOPQRSTUVWXYZ
> numeric: 0123456789
> special (spaces allowed): !@#$%^&*()-_=+[]{}\|/;:'",.<>?`~
HSM Labels
The HSM label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. Only alphanumeric characters and the underscore are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
Cloning Domains
The domain string must be 1-128 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*-_=+[]{}/:',.~
The following characters are problematic or invalid and must not be used in a domain string: "&;<>\`|()
Spaces are allowed, as long as the leading character is not a space; to specify a domain string with spaces using the -domain option, enclose the string in double quotation marks.
For password-authenticated HSMs, the domain string should match the complexity of the partition password.
Partition Names
Partition names created in LunaSH must be 1-32 characters in length. The following characters are allowed:
abcdefghijklmnopqurstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^*()-_=+{}[]:',./~
Spaces are allowed; enclose the partition name in double quotes if it includes spaces.
The following characters are not allowed: &\|;<>`"?
No two partitions can have the same name.
Partition Labels
In LunaSH, the partition label created during initialization must be 1-32 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~
Spaces are allowed; enclose the label in double quotation marks if it includes spaces.
In LunaCM, the partition label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>`~
Spaces are allowed; enclose the label in double quotation marks if it includes spaces.
HSM/Partition Role Passwords or Challenge Secrets
In LunaSH, HSM role passwords must be 8-255 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~
The following characters are invalid or problematic and must not be used within passwords: "&;<>\`|
Spaces are allowed; to specify a password with spaces, enclose the password in double quotation marks.
In LunaCM, passwords
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~
Double quotation marks ("
) are problematic and should not be used within passwords.
Spaces are allowed; to specify a password with spaces using the -password or -newpw option of a command, enclose the password in double quotation marks.