role resetpw

Resets the password for a specified role. On Luna HSMs, the Partition SO can reset the Crypto Officer password or black PED key only if HSM policy 15: Enable SO reset of partition PIN is enabled. By default, this policy is not enabled and changing it is destructive.

If the target role is not on the current partition, you must specify the slot of the partition that holds the target role.

NOTE: Resetting passwords for roles on partitions other than the current active partition is possible only from the administrative partition.

Syntax

role resetpw -name <role> [-password <password>] [-slot <slotnumber>] [-logoutOther]

Arguments

-logoutOther (shortcut: -l)

Log out the role with the given name from other applications. Include the -logoutOther option if there is an immediate security concern and you want all applications' access terminated immediately, to minimize damage due to a compromised credential.

Issue the command without this option in non-urgent situations, such as a scheduled password roll-over or personnel departing on good terms, where you want the applications using the partition with the current role credential to have time to finish current tasks and end their sessions. When they resume activity and need to create new sessions, they will do so only under the new credential for the role.

-name <role> (shortcut: -n)

Name of role to have password reset.

-password <password> (shortcut: -p)

Password for the specified role. Use this option for password-authenticated HSMs only. Multifactor Quorum-authenticated HSMs will return an error.

In LunaCM, passwords and activation challenge secrets must be 8-255 characters in length (NOTE: If you are using firmware version 7.0.x, 7.3.3, or 7.4.2, activation challenge secrets must be 7-16 characters in length). The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used within passwords.

Spaces are allowed; to specify a password with spaces using the -password or -newpw option of a command, enclose the password in double quotation marks.

-slot <slotnumber> (shortcut: -s)

Target slot.

Example

lunacm:> role resetpw -name co

        Please attend to the PED.

Command Result : No Error
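The following is an added example, not part of the original documentation or the vendor's tooling: a pre-check that applies the length, character-set and quoting rules described above before a role resetpw line is issued on a password-authenticated HSM. The function names, the firmware version string format and the sample values are assumptions made for illustration.

```python
import string

# Allowed set as listed on this page: letters, digits, space and these symbols.
ALLOWED = set(string.ascii_letters + string.digits + " !@#$%^&*()-_=+[]{}\\|/;:',.<>?`~")

def length_range(kind="password", firmware=None):
    """Return (min, max) length; kind is 'password' or 'challenge'."""
    # Assumed version format "major.minor.patch"; 7.0.x, 7.3.3 and 7.4.2
    # use the shorter range for activation challenge secrets.
    legacy = firmware is not None and (
        firmware.startswith("7.0.") or firmware in ("7.3.3", "7.4.2"))
    if kind == "challenge" and legacy:
        return (7, 16)
    return (8, 255)

def check_secret(secret, kind="password", firmware=None):
    """Return a list of problems; an empty list means the secret is acceptable."""
    lo, hi = length_range(kind, firmware)
    problems = []
    if not lo <= len(secret) <= hi:
        problems.append(f"length {len(secret)} outside {lo}-{hi}")
    if '"' in secret:
        problems.append("contains a double quotation mark")
    bad = sorted(set(secret) - ALLOWED - {'"'})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems

def resetpw_command(role, password, slot=None, logout_other=False):
    """Build the role resetpw line for a password-authenticated HSM."""
    problems = check_secret(password)
    if problems:
        raise ValueError("; ".join(problems))
    # Spaces are allowed, but the value must then be enclosed in double quotes.
    value = f'"{password}"' if " " in password else password
    parts = ["role resetpw", "-name", role, "-password", value]
    if slot is not None:
        parts += ["-slot", str(slot)]
    if logout_other:
        parts.append("-logoutOther")
    return " ".join(parts)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(resetpw_command("co", "Rotate me 2024!", slot=3, logout_other=True))
    print(check_secret('bad"pw'))
```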