Setup guide
How the Tool Works
Chapter 4 PIN Generator Tool 43
How PINs Are Stored in the Directory
Each PIN is concatenated with the corresponding user's LDAP attribute named in the saltattribute argument. If this argument is not specified, the DN of the user is used. This string is then hashed with the hash routine specified in the hash argument (the default selection is SHA-1).
One byte is then prepended to indicate the hash type used. Here's how the PIN gets stored:

byte[0] = X

The value of X depends on the hash algorithm chosen during the PIN generation process:

X = 0   if the hash algorithm chosen is SHA-1.
X = 1   if the hash algorithm chosen is MD5.
X = 45  if the hash algorithm chosen is none.

byte[1...] = hash("DN"+"pin")

where "DN" stands for the value of the user's saltattribute, or the user's DN when no saltattribute argument was given.
The PIN is stored in the directory as a binary value, not as a base-64 encoded value.
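The storage format above, worked through as an added example (not code from the PIN Generator itself): a type byte followed by hash(salt + PIN), plus a checker that reads the type byte back. The DN, PIN and the assumption that hash type "none" stores the bytes unchanged are constructed for this example.

```python
import hashlib
import hmac

# Type byte prepended to the stored value (values from the page).
HASH_TYPE_BYTE = {"sha1": 0, "md5": 1, "none": 45}
BYTE_TO_HASH_TYPE = {v: k for k, v in HASH_TYPE_BYTE.items()}


def _digest(hash_type: str, data: bytes) -> bytes:
    """Apply the selected hash routine; 'none' is assumed to store data unchanged."""
    if hash_type == "sha1":
        return hashlib.sha1(data).digest()
    if hash_type == "md5":
        return hashlib.md5(data).digest()
    if hash_type == "none":
        return data
    raise ValueError(f"unsupported hash type: {hash_type}")


def encode_stored_pin(salt: str, pin: str, hash_type: str = "sha1") -> bytes:
    """Binary attribute value: byte[0] = X, byte[1...] = hash(salt + pin).

    `salt` is the user's saltattribute value, or the user's DN when no
    saltattribute argument was given. Raw bytes are returned, not base-64.
    """
    payload = (salt + pin).encode("utf-8")
    return bytes([HASH_TYPE_BYTE[hash_type]]) + _digest(hash_type, payload)


def verify_stored_pin(stored: bytes, salt: str, candidate_pin: str) -> bool:
    """Check a candidate PIN against a stored value by reading its type byte."""
    if not stored:
        return False
    hash_type = BYTE_TO_HASH_TYPE.get(stored[0])
    if hash_type is None:  # unknown type byte: reject rather than guess
        return False
    expected = _digest(hash_type, (salt + candidate_pin).encode("utf-8"))
    # Constant-time compare. One unkeyed hash over a public DN plus a short PIN
    # is cheap to brute-force; this mirrors the documented format, not a
    # recommended design.
    return hmac.compare_digest(stored[1:], expected)


if __name__ == "__main__":
    # Constructed sample user and PIN, not values from the page.
    dn = "uid=jdoe,ou=People,dc=example,dc=com"
    stored = encode_stored_pin(dn, "1234567")  # no saltattribute: DN is the salt
    print(stored.hex())  # 0x00 followed by the 20-byte SHA-1 digest
    print(verify_stored_pin(stored, dn, "1234567"), verify_stored_pin(stored, dn, "0000000"))
```

A SHA-1 entry is therefore 21 bytes and an MD5 entry 17 bytes, which is a quick sanity check when inspecting the attribute in the directory.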
Exit Codes
The PIN Generator returns exit codes to the shell window; for a list of codes, see Table 4-2. If you plan on automating the PIN-generation process, exit codes are useful in programming shell scripts.
Table 4-2 Exit codes returned by the PIN Generator

Exit code   Description
0           Indicates that PIN generation was successful; that is, PINs are set for all the DNs in the specified directory.
2           Indicates that the tool could not open the certificate database specified by the certdb parameter.
3           Indicates that the tool could not locate the certificate specified by the nickname parameter in the specified certificate database.
4           Indicates that the tool could not bind to the directory as the user specified by the binddn parameter (over SSL).
5           Indicates that the tool could not open the output file specified by the output parameter.