Change the password for a role on the partition. For multifactor quorum-authenticated HSMs, this command allows you to change the PED key secret and/or the challenge secret. For password-authenticated HSMs, this command changes the partition password.
NOTE: This command requires Luna Network HSM Appliance Software 7.8.1 or newer. It cannot be used on STC partitions; the Partition SO must use LunaCM at the client for partition management.
From time to time, it might be necessary to change the secret associated with
>Regular credential rotation as part of your organization's security policy
>Compromise of a role or secret due to loss or theft of a PED key
>Personnel changes in your organization or changes to individual security clearances
>Changes to your security scheme (implementing/revoking M of N, PINs, or shared secrets)
Users with the following privileges can perform this command:
partition changepw -partition <name> [-cu] [-newpw <password>] [-oldpw <password>]
|Argument|Shortcut|Description|
|---|---|---|
|-cu|-c|Change the password/PED key secret/challenge secret for the Crypto User role.|
|-newpw <password>|-n|Specifies the new partition password.|
|-oldpw <password>|-o|Specifies the existing partition password, to be replaced by the new password.|
|-partition <name>|-p|Specifies the partition name. Partition names are obtained with the partition list command.|
```
lunash:>partition changepw -partition myPartition

Which part of the partition password do you wish to change?

  1. change partition PED key data for Crypto Officer
  2. change the challenge for Crypto Officer
  0. abort command

Please select one of the above options: 1

Please enter the current Crypto Officer's challenge:
> ********

Luna PED operation required to change partition PED data - use Crypto Officer PED key.

Warning: PED key change has caused Crypto Officer role deactivation. Please use 'partition activate' to re-activate.

'partition changePw' successful.

Command Result : 0 (Success)
```
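In the session above, the command returns `0 (Success)` even though the PED key change has left the Crypto Officer role deactivated. The following check for a rotation runbook is an added example, not Thales code; it assumes the session was captured as text, and the names `check_changepw` and `rotation_complete` are hypothetical.

```python
import re

# Transcript from the example session on this page (line breaks restored).
SAMPLE = """\
lunash:>partition changepw -partition myPartition
Which part of the partition password do you wish to change?
1. change partition PED key data for Crypto Officer
2. change the challenge for Crypto Officer
0. abort command
Please select one of the above options: 1
Please enter the current Crypto Officer's challenge:
> ********
Luna PED operation required to change partition PED data - use Crypto Officer PED key.
Warning: PED key change has caused Crypto Officer role deactivation. Please use 'partition activate' to re-activate.
'partition changePw' successful.
Command Result : 0 (Success)
"""

RESULT_RE = re.compile(r"^Command Result\s*:\s*(\d+)\s*\((.*)\)\s*$", re.M)
WARNING_RE = re.compile(r"^Warning:\s*(.+)$", re.M)
DEACTIVATED_RE = re.compile(r"caused (.+?) role deactivation", re.I)

def check_changepw(transcript):
    """Summarise a captured 'partition changepw' session (hypothetical helper)."""
    results = RESULT_RE.findall(transcript)
    # Use the last result line; a transcript without one is treated as a failure.
    code, text = (int(results[-1][0]), results[-1][1]) if results else (None, None)
    warnings = WARNING_RE.findall(transcript)
    # Roles named in a deactivation warning must be re-activated afterwards.
    roles = [m.group(1) for w in warnings if (m := DEACTIVATED_RE.search(w))]
    return {
        "succeeded": code == 0,
        "result_code": code,
        "result_text": text,
        "warnings": warnings,
        "reactivate_roles": roles,
    }

def rotation_complete(transcript):
    """True only if the change succeeded and no role was left deactivated."""
    summary = check_changepw(transcript)
    return summary["succeeded"] and not summary["reactivate_roles"]

if __name__ == "__main__":
    summary = check_changepw(SAMPLE)
    print("result:", summary["result_code"], summary["result_text"])
    print("roles needing 'partition activate':", summary["reactivate_roles"])
    print("rotation complete:", rotation_complete(SAMPLE))
```
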