If this is the first time using the HSM, there will be a single administrator available named ADMIN. The default ADMIN is protected with a keyfile provided on SAKA, located at /usr/local/strongauth/strongkeylite/etc/admin.key
. To login this admin, follow these steps.
Click Manage → Login/Logoff on the menu.
Select ADMIN and click Login. The following window displays:
Click Keyfile Token, which enables Key Path and Password. For the default administrator, browse to (using the … button) or type the Key Path /usr/local/strongauth/strongkeylite/etc/admin.key
and leave Password blank. Once done, select OK to login ADMIN.
After closing the Login/Logoff window, note the Login State and Session value at the bottom of CAT. Logging in the default administrator yields a Login State of 22000000. The first number represents the User Management permission. This permission allows an administrator to add and remove administrators. The second number represents the System Management permission. This permission allows the administrator to access the Master Backup Key (MBK) functions, perform backup and recovery, clear the HSM, load firmware, and reset alarms. For ease of use, StrongKey recommends creating all administrators with both permissions.
These permissions are 220000000 instead of 11000000 because the HSM supports the creation of administrators with half the privileges needed to administer the HSM. In these cases, at least two administrators must be logged in at the same time for any administrative functions to work. The following shows an example of two administrators logged in granting enough privilege to administer the HSM:
The process for logging in a smart-card-based administrator is similar to using the keyfile. After selecting the administrator to login, the Choose User Token for Login window displays. With Smartcard Token selected, click OK and have the administrator follow the directions on the smart card reader.