7. Security Modules

Starting with version 2.5 LinOTP supports different security modules.

The security module specifies how the encryption of the HMAC keys and password is handled in LinOTP.

The default behaviour having 3 AES encryption keys in a file /etc/linotp2/encKey is also seen as a security module.

• 7.1. Defining Security Modules
• 7.2. Defining SafeNet LunaSA
  • 7.2.1. Partition Password
• 7.3. Setting up SafeNet LunaSA
  • 7.3.1. Requirements
  • 7.3.2. Network settings
  • 7.3.3. LunaSA server certificate
  • 7.3.4. Initialization of HSM
  • 7.3.5. Setting up HSM clients and assigning clients to HSM partitions
  • 7.3.6. Troubleshooting
• 7.4. Create AES Keys
• 7.5. Backup and restore with LunaSA
  • 7.5.1. Backup
  • 7.5.2. Restore
• 7.6. Setting up HA and Load balancing for LunaSA
  • 7.6.1. Register LinOTP
  • 7.6.2. Creating HA group
  • 7.6.3. Monitoring
• 7.7. Managing Passwords with LunaSA
  • 7.7.1. Changing admin Password
  • 7.7.2. Changing HSM PED Password
  • 7.7.3. Changing Partition Passwords
  • 7.7.4. Resetting Partition Passwords