Creating Custom Appliance User Accounts
TIP This page concerns authentication and management of roles that govern network administrative access to the appliance.
The HSM contained within the appliance has its own separate and distinct authentication roles and requirements; see hsm init, hsm login, partition init, partition init co, partition init cu, partition createchallenge, partition changepw, and partition activate, among the various other administrative operations on the SSH-accessible appliance command path, or via the equivalent REST APIs, as well as the client-side equivalent commands (in LunaCM) partition init, partition login, partition logout, and all the partition role commands.
That is, access to, management of, and use of the HSM and its application partitions are distinct from the physical platform (and operating system) in which the HSM resides.
LunaSH allows you to create custom, named user accounts on the Luna Network HSM appliance. These users are assigned one of the standard appliance roles, or a custom role that you create (see Creating Custom Appliance Roles). Use this procedure to create custom user accounts.
To create a custom user account
1. Connect to the appliance via SSH or a serial connection, and log in to LunaSH as admin or a custom user with an admin role (see Logging In to LunaSH).
2. Create the custom user account by specifying a name.
LunaSH user names can be 1-32 characters in length, chosen from letters a-z or A-Z, numbers 0-9, the dash, the dot, or the underscore.
No spaces are allowed. User names cannot begin with a dot, dash, or number. As with any secure system, no two users (regardless of role) can have the same name.
lunash:> user add -username <username>
lunash:>user add -username james
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Command Result : 0 (Success)
3. Assign a role to the new user account.
lunash:> user role add -username <username> -role <rolename>
lunash:>user role add -username james -role admin
User james was successfully modified.
Command Result : 0 (Success)
The user of this account can now log in to LunaSH with the account name and the initial password you just created for them (formerly, the default password was "PASSWORD"). See Logging In to LunaSH.
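When this procedure is scripted, checking the name against the rules above before it is placed on a LunaSH command line keeps a malformed value from being read as extra arguments. The following pre-flight helper is an added example, not Thales code: the function names, the exact-match duplicate check, and the single-token rule for role names are assumptions, and only a result code of 0 is treated as success because that is the only result shown on this page.

```python
import re

# Name rules as stated on this page: 1-32 characters from a-z, A-Z, 0-9,
# dash, dot, underscore; no spaces; must not begin with a dot, dash, or number.
USERNAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9._-]{0,31}")
# Matches the trailer LunaSH prints, e.g. "Command Result : 0 (Success)".
RESULT_RE = re.compile(r"Command Result\s*:\s*(\S+)\s*\(([^)]*)\)")


def username_problem(name, existing=()):
    """Return None if the name is acceptable, otherwise a short reason."""
    if not 1 <= len(name) <= 32:
        return "length must be 1-32 characters"
    if name[0] in ".-0123456789":
        return "cannot begin with a dot, dash, or number"
    if not USERNAME_RE.fullmatch(name):
        return "only a-z, A-Z, 0-9, dash, dot, underscore are allowed"
    # Assumption: names are compared exactly (case-sensitive).
    if name in existing:
        return "name already in use"
    return None


def provisioning_commands(name, role, existing=()):
    """Build the two LunaSH commands from steps 2 and 3 for a checked name."""
    problem = username_problem(name, existing)
    if problem:
        raise ValueError(f"{name!r}: {problem}")
    # Assumption: a role name is one token; the page gives no role-name rules.
    if not role or any(ch.isspace() for ch in role):
        raise ValueError("role name must be a single token")
    return [
        f"user add -username {name}",
        f"user role add -username {name} -role {role}",
    ]


def command_succeeded(output):
    """True only if the last 'Command Result' line in the output reports 0."""
    matches = RESULT_RE.findall(output)
    return bool(matches) and matches[-1][0] == "0"
```
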