Unlocking the master
If the user account master is locked, it can be unlocked by another operator via the Remote Console or via the Local Console.
If the HSM is part of a Replication Domain, the unblocking information will be replicated to the other nodes in the pool in a best-effort protocol; if there are any problems in the replication, the user master is still unblocked locally on the node.
If the user master is using a second authentication factor (OTP or X.509 certificate) it is also possible to reset this setting.
The HSM service must be running to unlock the user master.
Dinamo - Local Management Console
┌──────┤ Partition ├──────┐
│ ◂ │
│ master ▸ │
│ Authorization │
│ Local Crypto │
└─────────────────────────┘
Service running... Replication Domain: <none> Dinamo - Local Management Console
┌───────┤ Master User ├────────┐
│ ◂ │
│ Unblock │
│ Reset Certificate Auth │
│ Reset OTP Auth │
└──────────────────────────────┘
Service running... Replication Domain: <none>