audit changePwd
Change the password or PED key contents for the HSM Audit role. Both the old and the new PED key are required for Luna Network HSM 7 with multifactor quorum authentication.
[For the appliance-level audit role (used to make an SSH or serial connection to the lunash command line before you can access the HSM), see my password set.]
From time to time, it might be necessary to change the secret associated with
- Regular credential rotation as part of your organization's security policy
- Compromise of a role or secret due to loss or theft of a PED key
- Personnel changes in your organization or changes to individual security clearances
- Changes to your security scheme (implementing/revoking M of N, PINs, or shared secrets)
User Privileges
Only specialized Audit users can access audit commands.
Syntax
audit changePwd [-serial <serialnum>] [-oldpw <password>] [-newpw <password>]
Argument(s) | Shortcut | Description |
---|---|---|
-newpw <password> | -n | Specifies the new password for the Audit role. If you do not use this parameter, you are prompted to enter and confirm the password. A valid password should be a mix of upper and lower-case letters, digits, and other characters, and must be a minimum of 8 characters long. |
-oldpw <password> | -o | Specifies the current password for the HSM Audit role. If you do not use this parameter, you are prompted for the password. This parameter applies to password-authenticated HSMs only. |
-serial <serialnum> | -s | Specifies the serial number of the HSM. This option allows the system to distinguish between two connected HSMs, as might occur with a PKI bundle configuration (secondary USB-attached Luna USB HSM 7). |
Example
    lunash:>audit changePwd

    Please enter the old password:
    > *******

    Please enter the new password:
    > ********

    Please re-enter the new password:
    > ********

    Command Result : 0 (Success)