Replace ADMIN with OKVADMIN User

Now is a good time to replace the default ADMIN user with your own OKVADMIN user. The currently defined ADMIN user is common to all Utimaco HSMs. This is a security issue, as anyone with a copy of ADMIN.key can access your HSM as ADMIN, the root user.

This section covers creating your own new RSA key file, creating the new OKVADMIN user, and deleting the existing ADMIN user. The new OKVADMIN user has the same permission mask as the existing ADMIN user and is accessed with your new RSA key file.

You also have the option of creating two ADMIN users and enforcing four-eyes access control. The details of this option are covered in the Utimaco csadm documentation included with the software bundle.

Locate the default ADMIN.key, the default RSA key for the ADMIN user, in the Utimaco software at the following location.

./Software/Linux/x86-64/Administration/key/ADMIN.key

Here are the steps to create a new OKVADMIN user and delete the old default ADMIN user.

# csadm listusers
 
Name      Permission   Mechanism      Attributes
ADMIN      22000000    RSA sign       Z[0]
 
# csadm KeyType=RSA GenKey=OKVADMIN.key,"OKV Admin Key File"
# csadm LogonSign=ADMIN,ADMIN.key AddUser=OKVADMIN,22000000,rsasign,OKVADMIN.key
# csadm LogonSign=OKVADMIN,OKVADMIN.key DeleteUser=ADMIN
# csadm listusers
 
Name      Permission   Mechanism      Attributes
OKVADMIN   22000000    RSA sign       Z[0]
 
# csadm LogonSign=OKVADMIN,OKVADMIN.key <CSADM Command>
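As an added verification step (example code, not part of the original procedure or of the Utimaco tooling), the shell function below parses the table printed by csadm listusers and confirms that the default ADMIN user is gone and OKVADMIN is present with the 22000000 permission mask. The sample listings are constructed to mirror the output shown above; on a real host you would pipe csadm listusers into the function.

```shell
#!/bin/sh
# check_admin_replaced: read "csadm listusers" output on stdin and return 0 only
# when the default ADMIN user is absent and OKVADMIN exists with mask 22000000.
# On a live host:  csadm listusers | check_admin_replaced
check_admin_replaced() {
    awk '
        $1 == "Name" || NF < 3 { next }          # skip header and blank lines
        $1 == "ADMIN"                             { default_present = 1 }
        $1 == "OKVADMIN" && $2 == "22000000"      { okv_ok = 1 }
        END {
            if (default_present) {
                print "FAIL: default ADMIN user still defined"; exit 1
            }
            if (!okv_ok) {
                print "FAIL: OKVADMIN with mask 22000000 not found"; exit 1
            }
            print "OK: ADMIN replaced by OKVADMIN"
        }'
}

# Constructed sample: listing before the procedure (default user only)
SAMPLE_BEFORE='Name      Permission   Mechanism      Attributes
ADMIN      22000000    RSA sign       Z[0]'

# Constructed sample: listing after AddUser but before DeleteUser
SAMPLE_MID='Name      Permission   Mechanism      Attributes
ADMIN      22000000    RSA sign       Z[0]
OKVADMIN   22000000    RSA sign       Z[0]'

# Constructed sample: listing after the full procedure
SAMPLE_AFTER='Name      Permission   Mechanism      Attributes
OKVADMIN   22000000    RSA sign       Z[0]'

# Stand-alone demonstration against the constructed samples
for s in "$SAMPLE_BEFORE" "$SAMPLE_MID" "$SAMPLE_AFTER"; do
    printf '%s\n' "$s" | check_admin_replaced || true
done
```

Only the final listing passes; the intermediate one still fails, which is the intended reminder that DeleteUser=ADMIN must complete before the HSM is considered hardened.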

Secure the OKVADMIN.key. You have the option of placing it on a smartcard and using that mechanism for administrator authentication.