audit changePwd

Change the password or PED key contents for the HSM Audit role. Both the old and the new PED key are required for Luna Network HSM 7 with multifactor quorum authentication.

[For the appliance-level audit role (used to make an SSH or serial connection to the lunash command line, before you can access the HSM), see my password set.]

From time to time, it might be necessary to change the secret associated with a role on an HSM appliance, a role on an HSM or a partition of an HSM, or a cloning domain secret. Reasons for changing credentials include:

>Regular credential rotation as part of your organization's security policy

>Compromise of a role or secret due to loss or theft of a PED key

>Personnel changes in your organization or changes to individual security clearances

>Changes to your security scheme (implementing/revoking M of N, PINs, or shared secrets)

User Privileges

Only specialized Audit users can access audit commands.

Syntax

audit changePwd [-serial <serialnum>] [-oldpw <password>] [-newpw <password>]

| Argument(s) | Shortcut | Description |
|---|---|---|
| -newpw <password> | -n | Specifies the new password for the Audit role. If you do not use this parameter, you are prompted to enter and confirm the password. A valid password should be a mix of upper and lower-case letters, digits, and other characters, and must be a minimum of 8 characters long. |
| -oldpw <password> | -o | Specifies the current password for the HSM Audit role. If you do not use this parameter, you are prompted for the password. This parameter applies to password-authenticated HSMs only. |
| -serial <serialnum> | -s | Specifies the serial number of the HSM. This option allows the system to distinguish between two connected HSMs, as might occur with a PKI bundle configuration (secondary USB-attached Luna USB HSM 7). |

Example

lunash:>audit changePwd

  Please enter the old password:
  > *******

  Please enter the new password:
  > ********


  Please re-enter the new password:
  > ********


Command Result : 0 (Success)