Logging In as HSM Security Officer

Before you can create an application partition or perform other administrative functions on the HSM, you must log in as HSM Security Officer (SO), or administrative commands will fail.

To log in as HSM SO

1.Connect to the appliance via SSH or a serial connection, and log in to LunaSH as admin or a custom user with an admin role (see Logging In to LunaSH).

2.Log in to the HSM.

lunash:> hsm login

You are prompted for the HSM SO credential.

Failed HSM SO Login Attempts

If you fail three (3) consecutive HSM SO login attempts, application partitions are destroyed, the HSM is zeroized and all of its contents are rendered unrecoverable. The number is not adjustable. As soon as you authenticate successfully, the counter is reset to zero.

NOTE   The system must actually receive some erroneous/false information before it logs a failed attempt; if you merely forget to insert the PED key, or insert the wrong color key, that is not counted as a failed attempt. You must insert an incorrect PED key of the correct type, or enter an incorrect PIN or challenge secret, to fail a login attempt.