Recovery Procedures

CORE Password Reset

The following recovery procedures apply to users that are authenticated by CORE:

To reset the password of ... Required Role Command
SOClosedSecurity officer - UKC partition administrator role. of the Root partition System Admin on EP ekm_recover_root_so_pwd
SOClosedSecurity officer - UKC partition administrator role. of any partition Root SOClosedSecurity officer - UKC partition administrator role. ucl user recover-pwd
Any member in a partition The partition's SOClosedSecurity officer - UKC partition administrator role. ucl user reset-pwd

Partition Lockout Release

Use the following procedures to recover from unlikely partition lockout situations.

Lockout Case Impact Recovery Note
None of the partition certificates can be used to access the partition. All key material in the partition is out of reach for the CORE clients. Create a new certified client. 1
The number of active SOs in a partition is below its quorum requirements. All actions that require quorum approval are blocked. Adjust the quorum requirements. 2

Notes:

  1. Recovery of Partition's Certificate.
  2. Partition Quorum Reset

Recovery of Partition's Certificate

This case addresses an unlikely event when all certificates of a partition owned by its clients are lost or useless (e.g. expired, signed by expired CA, etc..). To recreate the first certificate of a partition:

Note
This command doesn't affect the partition's users and their credentials. To recover credentials of its SOClosedSecurity officer - UKC partition administrator role., if needed, see CORE Password Reset.

Partition Quorum Reset

A partition quorum recovery resets the size of a partition quorum to the actual number of the partition SOs. See ekm_recover_quorum. Use this script to recover quorum on any partition, including the root partition.