sysconf forceSOLogin
Access commands that allow you to enable or disable SO login enforcement, or display the current SO login enforcement setting.
When SO login enforcement is enabled, access to some LunaSH commands is restricted to the HSM SO. See sysconf forceSOLogin enable for a list of the affected commands.
Syntax
sysconf forcesologin
disable
enable
show
| Argument(s) | Shortcut | Description |
|---|---|---|
| disable | d | Disable SO login enforcement. See sysconf forceSOLogin disable*. |
| enable | e | Enable SO login enforcement. See sysconf forceSOLogin enable**. |
| show | s | Display the current SO login enforcement setting. See sysconf forceSOLogin show. |
* On successful hsm factoryReset or sysconf config factoryReset (option "all") the Luna Network HSM 7 SO Login Enforcement feature is reset to "disabled".
** If the HSM is not initialized, then the Luna Network HSM 7 SO Login Enforcement feature cannot be enabled or disabled.
Most LunaSH commands, except time- and partition-specific ones do not require the HSM Security Officer to be logged in. The Luna Network HSM 7 SO Login Enforcement option functions as follows:
>Only the SO can enable Luna Network HSM 7 SO Login Enforcement.
>When enabled, the feature verifies that the HSM SO is logged in before authorizing the operations described below.
>Only the HSM SO can disable Luna Network HSM 7 SO Login Enforcement.
Affected commands
The affected commands include all commands that can have an effect on the HSM, its partitions, or application access to the partitions (Items that are solely appliance-level features generally are not affected).
client
>client assignPartition
>client delete
>client hostip map
>client hostip unmap
>client register
>client revokePartition
ntls
>ntls bind
>ntls certificate monitor disable
>ntls certificate monitor enable
>ntls certificate monitor trap trigger
>ntls information reset
>ntls ipcheck disable
>ntls ipcheck enable
>ntls tcp_keepalive set
>ntls threads set
>ntls timer set
sysconf
>sysconf config factoryReset
>sysconf regenCert
