role createchallenge
Create a challenge secret for the Crypto Officer (CO) or Crypto User (CU) role on the current partition (slot). This command applies to PED-authenticated partitions only.
The challenge secret is a text string (password) that provides an additional level of authentication for PED-authenticated partitions. If you create a challenge secret for a role, the role authenticates to the partition as follows:
>If the role is not activated on the partition, the role must provide both the PED key and challenge secret to gain access to the partition.
>If the role is activated on the partition, the role is able to access the partition using the challenge secret only.
See Activation on Multifactor Quorum-Authenticated Partitions for more information.
You must be logged in as the Partition SO to create a challenge for the Crypto Officer. You must be logged in as the Crypto Officer to create a challenge for the Crypto User. The target role must already exist. See role init.
NOTE This command is not applicable on DPoD Luna Cloud HSM services.
In LunaCM, passwords
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~
Double quotation marks ("
) are problematic and should not be used within passwords.
Spaces are allowed; to specify a password with spaces using the -password or -newpw option of a command, enclose the password in double quotation marks.
Syntax
role createchallenge -name <role> [-challengesecret <string>]
Argument(s) | Shortcut | Description |
---|---|---|
-name <role> | -n | Name of role for which the challenge is to be created |
-challengesecret | -c | The challenge secret (password) you wish to create for this role. If this option is not included, you will be prompted to enter a challenge secret, masked by asterisks (*). |
Example
lunacm:> role createchallenge -name co Please attend to the PED. enter new challenge secret: ******** re-enter new challenge secret: ******** Command Result : No Error