Unauthenticated Users
Public (unauthenticated) access to HSMs is allowed. Because authentication applies to tokens, a user may be simultaneously authenticated to one token while accessing another token without authentication.
NOTE The services available to unauthenticated users are heavily dependent on the active security policy.
Unauthenticated users have these abilities:
>Exercise status querying services
>Authenticate to a token
>If ‘No Clear PINs’ is not set, they may initialize User or Smart Card Tokens and specify their labels and SO PINs
>If token flag CKF_LOGIN_REQUIRED is FALSE, they can create, destroy, import, export, generate, derive and use Public objects on the token
>If token flag CKF_LOGIN_REQUIRED is FALSE, they can exercise cryptographic services with Public objects
>If ‘Authentication Protection’ is not set, they can exercise the digesting services
>Force session terminate, restart HSM by running the hsmreset utility.