partition changepw

Change the password for a role on the partition. For multifactor quorum-authenticated HSMs, this command allows you to change the PED key secret and/or the challenge secret. For password-authenticated HSMs, this command changes the partition password.

NOTE: This command requires Luna Network HSM Appliance Software 7.8.1 or newer. It cannot be used on STC partitions; the Partition SO must use LunaCM at the client for partition management.

From time to time, it might be necessary to change the secret associated with a role on an HSM appliance, a role on an HSM or a partition of an HSM, or a cloning domain secret. Reasons for changing credentials include:

- Regular credential rotation as part of your organization's security policy
- Compromise of a role or secret due to loss or theft of a PED key
- Personnel changes in your organization or changes to individual security clearances
- Changes to your security scheme (implementing/revoking M of N, PINs, or shared secrets)

User Privileges

Users with the following privileges can perform this command:




Syntax

partition changepw -partition <name> [-cu] [-newpw <password>] [-oldpw <password>]

Parameter(s)        Shortcut  Description
-cu                 -c        Change the password/PED key secret/challenge secret for the Crypto User role.
-newpw <password>   -n        Specifies the new partition password.
-oldpw <password>   -o        Specifies the existing partition password, to be replaced by the new password.
-partition <name>   -p        Specifies the partition name. Partition names are obtained with the partition list command.


Example

lunash:>partition changepw -partition myPartition

  Which part of the partition password do you wish to change?

  1.  change partition PED key data for Crypto Officer
  2.  change the challenge for Crypto Officer
  0.  abort command

  Please select one of the above options: 1

  Please enter the current Crypto Officer's challenge:
  > ********

Luna PED operation required to change partition PED data - use Crypto Officer PED key.

Warning:  PED key change has caused Crypto Officer role deactivation. Please
          use 'partition activate' to re-activate.

'partition changePw' successful.

Command Result : 0 (Success)
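A post-rotation check over a saved lunash session transcript, as an added example that is not part of the original page or Thales code. It assumes sessions are captured as plain text; it reports each changepw call's result code, whether a role now needs 'partition activate', and whether a secret was passed with -newpw/-oldpw instead of at the masked prompt. The SAMPLE session and the names review and redact are constructed for illustration.

```python
import re

# Patterns come from the syntax table and example session on this page.
CMD = re.compile(r"^lunash:>\s*(partition changepw\b.*)$", re.I | re.M)
SECRET_OPT = re.compile(r"(?<!\S)(-(?:newpw|oldpw|n|o))\s+\S+", re.I)
PART_OPT = re.compile(r"(?<!\S)-(?:partition|p)\s+(\S+)", re.I)
RESULT = re.compile(r"^Command Result : (\d+)", re.M)
DEACTIVATED = re.compile(r"caused (.+?) role deactivation")

# Constructed transcript: first call mirrors the page's example, second is invented.
SAMPLE = """\
lunash:>partition changepw -partition myPartition
Warning:  PED key change has caused Crypto Officer role deactivation. Please
          use 'partition activate' to re-activate.
'partition changePw' successful.
Command Result : 0 (Success)
lunash:>partition changepw -partition otherPartition -cu -oldpw ExampleOld1 -newpw ExampleNew1
Command Result : 0 (Success)
"""


def review(transcript):
    """Return one finding per 'partition changepw' call in a session transcript."""
    findings = []
    calls = list(CMD.finditer(transcript))
    for i, call in enumerate(calls):
        # This call's output ends at its own result line or the next changepw call.
        end = calls[i + 1].start() if i + 1 < len(calls) else len(transcript)
        output = transcript[call.end():end]
        result = RESULT.search(output)
        if result:
            output = output[:result.end()]
        part = PART_OPT.search(call.group(1))
        role = DEACTIVATED.search(output)
        findings.append({
            "partition": part.group(1) if part else None,
            "result": int(result.group(1)) if result else None,
            # Secret passed as an option value rather than typed at the masked prompt.
            "secret_on_command_line": bool(SECRET_OPT.search(call.group(1))),
            # Role named in the deactivation warning; needs 'partition activate'.
            "reactivate_role": role.group(1) if role else None,
        })
    return findings


def redact(transcript):
    """Mask -newpw/-oldpw values on changepw command lines before storing a transcript."""
    return CMD.sub(lambda m: SECRET_OPT.sub(r"\1 ********", m.group(0)), transcript)
```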