audit login

Log into the HSM Audit user.

The name "audit" is

 

For a password-authenticated HSM, login requires the most recently set password for the "audit" HSM role.

For an HSM with multifactor quorum authentication, initialization either created a new audit role secret on the HSM and imprinted it on a white PED key, or retrieved an existing audit role secret from a presented white PED key and imprinted it onto the HSM. After initialization, the appropriate white PED key is needed for HSM audit role login. (This might also include a PED PIN secret that was optionally entered from the PED keypad and must now be provided to complete the secret that the HSM needs from the white iKey. Further, the audit role secret might have been split initially by invoking MofN greater than 1, in which case a quorum (M) of the N splits must be presented at login.)

User Privileges

Only specialized Audit users can access audit commands.

Syntax

audit login [-serial <serialnum>] [-password <password>]

Argument(s) Shortcut Description
-serial <serialnum> -s HSM Serial Number - identifies which HSM is to accept the login if you have multiple HSMs (for example a Backup HSM or a Luna USB HSM 7 locally connected to your host).
-password <password> -p The password of the HSM you are logging into. Used for password-authenticated HSMs. If you prefer not to type the password in the clear on the command line, leave it out and you will be prompted for it. Ignored for multifactor quorum-authenticated HSMs.

If the audit log area in the HSM becomes full, the HSM stops accepting most commands and does not prompt for a password when login is requested. In that case, provide the password with the command, and the login is accepted.

Audit log full does not affect login for multifactor quorum-authenticated HSMs.

Example

Multifactor Quorum-Authenticated HSM

lunash:>audit login

Luna PED operation required to login as HSM Auditor - use Audit user (white) PED key.


Command Result : 0 (Success)

Password-Authenticated HSM

lunash:>audit login

  Please enter the password:
  > ********

Command Result : 0 (Success)
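
When the password is given with -password or -p, as the audit-log-full case described under Syntax requires, it appears in the clear in anything that records the typed command. The following Python script is an added example, not part of the product documentation: it scans a saved lunash session transcript for audit login lines that carry a password argument, reports their line numbers, and redacts the value. It assumes session transcripts are captured as plain text; the transcript, serial number and passwords below are constructed.

```python
import re

# An "audit login" invocation, with or without the lunash:> prompt in front.
_AUDIT_LOGIN = re.compile(r"^(?P<prefix>.*?\baudit\s+login\b)(?P<args>.*)$")

# The two spellings documented on this page (-password and its shortcut -p),
# followed by a quoted or bare value. Quoted values are handled defensively;
# whether lunash accepts quoting is an assumption.
_PW_ARG = re.compile(
    r'''(?P<flag>(?<!\S)-(?:password|p))(?P<sep>\s+)(?P<val>"[^"]*"|'[^']*'|\S+)'''
)


def redact_line(line):
    """Return (clean_line, exposed) for one transcript line."""
    m = _AUDIT_LOGIN.match(line)
    if not m:
        return line, False
    args, hits = _PW_ARG.subn(
        lambda a: a.group("flag") + a.group("sep") + "<redacted>",
        m.group("args"),
    )
    return m.group("prefix") + args, hits > 0


def scan(transcript):
    """Redact a whole transcript; return (clean_lines, exposed_line_numbers)."""
    cleaned, findings = [], []
    for lineno, line in enumerate(transcript.splitlines(), start=1):
        clean, exposed = redact_line(line)
        cleaned.append(clean)
        if exposed:
            findings.append(lineno)
    return cleaned, findings


# Constructed transcript: serial number and passwords are made up.
SAMPLE = """lunash:>audit login
lunash:>audit login -serial 123456 -password Constructed-Pw1
lunash:>audit login -p 'two words' -s 123456
lunash:>hsm show"""

if __name__ == "__main__":
    clean_lines, exposed_at = scan(SAMPLE)
    print("\n".join(clean_lines))
    print("password on command line at transcript lines:", exposed_at)
```

Any line the scan reports is a reason to change the audit role password once the audit log has been cleared and normal prompting works again.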