Manualshelf

System information

ManualsBrandsRed Hat ManualsOtherCERTIFICATE SYSTEM 7.3 - COMMAND-LINE
41424344454647484950
NOTE
Hashed PINs cannot be provided to the tool.
2.2. Output File
The PIN Generator can capture the output to a text file specified by the output option.
The output contains a sequence of records in the following format:
dn: user_dn1
pin: generated_pin1
status: status1
dn: user_dn2
pin: generated_pin2
status: status2
...
dn: user_dn#
pin: generated_pin#
status: status#
where user_dn is a distinguished name matching the DN filter or listed in the input file. By
default, the delimiter is a semi-colon (;) or the character defined on the command line.
generated_pin is a string of characters of fixed or variable length, depending on the length
parameters used. status is one of the values listed Table 6.2, “PIN Generator Status ”.
The first line in each record is always the DN. The subsequent lines for pin and status are
optional. The record ends with a blank line, using the Unix end of line sequence, (\n).
2.3. How PINs Are Stored in the Directory
Each PIN is concatenated with the corresponding LDAP attribute named in the saltattribute
argument. If this argument is not specified, the DN is used. That string is hashed with the
routine specified in the hash argument; the default algorithm is SHA-1. One byte is prepended
to indicate the hash type used. The PIN is stored as follows:
byte[0] = X
The value of X depends on the hash algorithm chosen during the PIN generation process.
Output File
29