Unlocking the master
If the master user account is locked, it can be unlocked by another operator via the Remote Console or via the Local Console.
If the HSM is part of a Replication Domain, the unlock information is replicated to the other nodes in the pool in a best-effort protocol; if there are any problems in the replication, the master user is still unlocked locally on the node.
If the master user is using a second authentication factor (OTP or X.509 certificate) it is also possible to reset this setting.
The HSM service must be running to unlock the master user.
Dinamo - Local Management Console
┌──────┤ Partition ├──────┐
│ ◂ │
│ master ▸ │
│ Authorization │
│ Local Crypto │
└─────────────────────────┘
Service running... Replication Domain: <none> Dinamo - Local Management Console
┌───────┤ Master User ├────────┐
│ ◂ │
│ Unblock │
│ Reset Certificate Auth │
│ Reset OTP Auth │
└──────────────────────────────┘
Service running... Replication Domain: <none>