Unlocking the master

If the master user account is locked, it can be unlocked by another operator via the Remote Console or via the Local Console.

If the HSM is part of a Replication Domain, the unlock information is replicated to the other nodes in the pool in a best-effort protocol; if there are any problems in the replication, the master user is still unlocked locally on the node.

If the master user is using a second authentication factor (OTP or X.509 certificate) it is also possible to reset this setting.

The HSM service must be running to unlock the master user.

Master user unlock screen

Master user unlock screen