Setup guide

How the Tool Works
Chapter 4 PIN Generator Tool 41
Assume that you have set PINs for all entries in the user directory. Two new
users joined your organization and you updated the directory with new users’
information. For the new users to get certificates, the directory must contain
PINs. And you want to set PINs for just those user entries without making
changes to any of the other user entries. Instead of constructing a complex
LDAP filter to filter out just these two entries, you can construct a general filter,
put the two users’ DNs in the input file, and run the PIN Generator.
Assume that you want your users to use their social security numbers as PINs.
You can enter users’ social security numbers as PINs in the input file, and the
PIN Generator will store them as hashed values in the directory.
The format of the input file is the same as that of the output file (see “Output File”
on page 42), with the omission of the status line. In the input file, you can choose to
specify PINs for all the DNs in the file, for specific DNs, or for none of the DNs. If
the PIN attribute is missing for a DN, the tool automatically generates a random
PIN.
For example, you can set up your input file to look like this:
dn:cn=user1, o=example.com
<blank line>
dn:cn=user2, o=example.com
<blank line>
...
dn:cn=user3, o=example.com
You can also provide PINs, in plain-text format, for the DNs in the input file, which
are then hashed according to the command-line arguments. For example, you can set
up your input file to look like this:
dn:cn=user1, o=example.com
pin:pl229Ab
<blank line>
dn:cn=user2, o=example.com
pin:9j65dSf
<blank line>
...
dn:cn=user3, o=example.com
pin:3knAg60
<blank line>
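The input-file layout described above can be checked before the file is handed to the PIN Generator. The following Python sketch is an added example, not part of the original guide or of the tool; it assumes only the layout shown here (a dn: line, an optional pin: line, a blank line between entries), and its function names are hypothetical. It lists the DNs that will receive a random PIN and writes the file owner-readable only, because the PINs in it are plain text.

```python
import os

# Constructed sample using the layout and example values from this guide.
SAMPLE = """dn:cn=user1, o=example.com
pin:pl229Ab

dn:cn=user2, o=example.com

dn:cn=user3, o=example.com
pin:3knAg60
"""

def parse_pin_input(text):
    """Return [(dn, pin_or_None)]; raise ValueError on a malformed entry."""
    entries, seen = [], set()
    dn = pin = None
    # The appended "" closes the last entry even without a trailing blank line.
    for n, raw in enumerate(text.splitlines() + [""], 1):
        line = raw.strip()
        if not line:                      # blank line closes the current entry
            if dn is not None:
                if dn.lower() in seen:    # assumption: same DN twice is a mistake
                    raise ValueError(f"duplicate DN: {dn}")
                seen.add(dn.lower())
                entries.append((dn, pin))
            dn = pin = None
        elif line.startswith("dn:"):
            if dn is not None:
                raise ValueError(f"line {n}: no blank line before new entry")
            dn = line[3:].strip()
            if not dn:
                raise ValueError(f"line {n}: empty DN")
        elif line.startswith("pin:"):
            if dn is None or pin is not None or not line[4:]:
                raise ValueError(f"line {n}: misplaced or empty pin")
            pin = line[4:]
        else:
            raise ValueError(f"line {n}: unexpected content")
    return entries

def dns_without_pin(entries):
    """DNs for which, per the guide, the tool generates a random PIN."""
    return [dn for dn, pin in entries if pin is None]

def write_pin_input(path, entries):
    """Create the file owner-readable only (0600): it holds plain-text PINs."""
    body = "\n".join(f"dn:{dn}\n" + (f"pin:{pin}\n" if pin else "")
                     for dn, pin in entries)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
```

Error messages name only the line number or DN, never the PIN, so they are safe to log.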