System information
The PIN Generator can receive a list of DNs to modify in a text file specified by the input
argument. If an input file is specified, then the tool compares the DNs returned by the filter to
the ones in the input file and updates only those DNs that match in the input file.
The input file enables the user to provide the PIN Generator with an exact list of DNs to modify; it is
also possible to provide the PIN Generator with PINs in plain text for all DNs or for specific DNs.
There are two common situations in which using an input file is useful:
• PINs have been set for all entries in the user directory, and two new users join the organization.
For the new users to get certificates, the directory must contain PINs for them. PINs should be
generated for only those two entries without changing any of the other user entries. Instead of
constructing a complex LDAP filter, using an input file allows using a general filter, and the
modified entries are restricted to the DNs of the two users listed in the input file.
• If particular values, such as Social Security numbers, should be used as PINs, then those
numbers can be put in the input file and provided to the PIN Generator as PINs.
These are then stored as hashed values in the directory.
The format of the input file is the same as that of the output file (refer to Section 2.2, “Output
File”) except for the status line. In the input file, PINs can be set for all the DNs in the file, for
specific DNs, or for none of the DNs. If the PIN attribute is missing for a DN, the tool
automatically generates a random PIN.
An input file looks like the following example:
dn:cn=user1, o=example.com
dn:cn=user2, o=example.com
...
dn:cn=user3, o=example.com
PINs can also be provided for the DNs in plain-text format; these PINs are hashed according to
the command-line arguments.
dn:cn=user1, o=example.com
pin:pl229Ab
dn:cn=user2, o=example.com
pin:9j65dSf
...
dn:cn=user3, o=example.com
pin:3knAg60
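The file format and the "update only DNs that appear in both the filter results and the input file" rule described above, as an added Python example (not the PIN Generator's own code). The DN normalization, the random PIN length and alphabet, and all function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample in the input-file format shown above (not real data).
SAMPLE_INPUT = """\
dn:cn=user1, o=example.com
pin:pl229Ab
dn:cn=user2, o=example.com
dn:cn=user3, o=example.com
pin:3knAg60
"""

def norm_dn(dn):
    # Assumption: DNs match case-insensitively, ignoring spaces around commas.
    # Escaped commas inside attribute values are not handled here.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_input(text):
    """Return {normalized DN: PIN or None}; None means 'generate a random PIN'."""
    entries, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        key, sep, value = raw.strip().partition(":")
        key, value = key.strip().lower(), value.strip()
        if sep and key == "dn" and value:
            current = norm_dn(value)
            entries[current] = None
        elif sep and key == "pin" and value and current and entries[current] is None:
            entries[current] = value
        else:
            # Unknown key, empty value, orphan or duplicate pin: fail closed.
            # The line content is left out of the message so a PIN never reaches a log.
            raise ValueError(f"line {lineno}: malformed or misplaced entry")
    return entries

def random_pin(length=8):
    # Hypothetical length and alphabet, chosen for this example.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def plan_updates(filter_dns, entries):
    """Keep only DNs that the filter returned AND that the input file lists."""
    plan = {}
    for dn in filter_dns:
        key = norm_dn(dn)
        if key in entries:
            plan[dn] = entries[key] or random_pin()
    return plan
```

Because the input file carries PINs in plain text, restrict its permissions to the operator running the tool and delete it once the run completes.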
Chapter 6. PIN Generator