role init

Initializes (creates) the named role on the current partition / slot, if applicable.

Use lunacm:> role list to see which roles are available on the current partition/slot.

Syntax

role init -name <role> [-password <password>]

Argument(s) Shortcut Description
-name <role> -n

Name of role to be initialized. You can type the entire string, or use the shortcut shown in parentheses (not case-sensitive).

Valid roles:

Crypto Officer (CO). The PO initializes the CO.

Limited Crypto Officer (LCO). The CO initializes the LCO.

Crypto User (CU). The CO initializes the CU.

-password <password> -p

The initial password for the role, valid for the initial login only.

Passwords and activation challenge secrets must be 8-255 characters in length. Spaces are allowed; to specify a password with spaces using command-line options, enclose the password in double quotation marks. The space character may not be used as the first character in a password.

The following characters are allowed:

!#$%'()*+,-./0123456789:=? @ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~

This character set is enforced when using Luna HSM Client 10.8.0 or newer, and recommended for all previous versions. Previously-set passwords and challenge secrets are unaffected, but the new character set is enforced when these passwords are changed.

NOTE   The role must change the initial password using the command role changepw during the initial login session, or when they attempt a subsequent login.
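
The password rules above (length, allowed character set, no leading space, double quotes around passwords containing spaces) can be checked before a password is passed to -password. The following pre-check is an added example, not part of the Luna HSM Client; the function names and the sample passwords are constructed for illustration.

```python
import string

# Character set copied from the list above. Space is added separately because
# it is allowed anywhere except as the first character.
ALLOWED = set("!#$%'()*+,-./:=?@[]^_{}~" + string.digits + string.ascii_letters + " ")
MIN_LEN, MAX_LEN = 8, 255


def password_violations(pw):
    """Return the documented rules that pw breaks (empty list = acceptable)."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(f"length {len(pw)} is outside {MIN_LEN}-{MAX_LEN}")
    if pw.startswith(" "):
        problems.append("first character is a space")
    bad = sorted({c for c in pw if c not in ALLOWED})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def password_argument(pw):
    """Format pw as the value for -password, quoting it if it contains spaces."""
    problems = password_violations(pw)
    if problems:
        raise ValueError("; ".join(problems))
    # The double quote is not in the allowed set, so a valid password can
    # never terminate the quoting early.
    return f'"{pw}"' if " " in pw else pw


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Init Pass 2024", "short", " leading-space", 'pass"word;1']:
        issues = password_violations(candidate)
        print(repr(candidate), "->", "OK" if not issues else issues)
```
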

Example

Initializing the Crypto Officer role

lunacm:>role init -name co

        Please attend to the PED.

Command Result : No Error