user password

Set or change the appliance password for the specified user. This command allows admin-level users to change their own password or the password for another admin-level, operator-level, or monitor-level user. Operator-level or monitor-level users, as well as the audit user, can use the my password set command to change their own password.

LunaSH passwords must be at least eight characters in length, and include characters from at least three of the following four groups:

>  lowercase alphabetic: abcdefghijklmnopqrstuvwxyz

>  uppercase alphabetic: ABCDEFGHIJKLMNOPQRSTUVWXYZ

>  numeric: 0123456789

>  special (spaces allowed):  !@#$%^&*()-_=+[]{}\|/;:'",.<>?`~

Using Luna Appliance Software 7.4.0 and older, user password <username> changes the password for <username> and expires the password such that the named user must change password after first login.

Using Luna Appliance Software 7.7.0 and newer, user password (with no argument) changes password for the currently logged-in user and does not expire it.

From time to time, it might be necessary to change the secret associated with a role on an HSM appliance, a role on an HSM or a partition of an HSM, or a cloning domain secret. Reasons for changing credentials include:

>Regular credential rotation as part of your organization's security policy

>Compromise of a role or secret due to loss or theft of a PED key

>Personnel changes in your organization or changes to individual security clearances

>Changes to your security scheme (implementing/revoking M of N, PINs, or shared secrets)

User Privileges

Users with the following privileges can perform this command:

>Admin for any user

>other users for themselves if logged in

Syntax

user password [<username>]

Argument(s) Description
<username>

Specifies the user name of the user whose password you want to change. You can change the password for operator-level, monitor-level, or other admin-level users. Omit this parameter to change your own password. *

(*Prior to Luna Appliance Software 7.4.0, the username parameter was mandatory for every use of this command. For Luna Appliance Software 7.4.0 and newer, omitting the username changes the password for the current logged-in user.)    

Example

lunash:>user password james

Changing password for user james.

You can now choose the new password.

The password must be at least 8 characters long.
The password must contain characters from at least 3 of the following 4 categories:
    - Uppercase letters (A through Z)
    - Lowercase letters (a through z)
    - Numbers (0 through 9)
    - Non-alphanumeric characters (such as !, $, #, %)

New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Command Result : 0 (Success)