Table of Contents
Advertisement
dn: <user_dn>2
pin: <generated_pin>2
status: <status>2
<blank line>
...
dn: <user_dn>n
pin: <generated_pin>n
status: <status>n
<blank line>
where
> is a distinguished name that matched the specified DN pattern
<user_dn
(specified by the DN filter) or that was in the input file (the DN file). By default, the
delimiter is "
" or the character defined on the command line.
;
is a string of characters with either fixed or variable length,
<generated_pin>
dependent on parameters passed into the command.
is one of the values specified in Table 4-1 on page 34.
<status>
The first line in each record will always be the distinguished name. The subsequent
lines, for
and
pin
status
of line (EOL) sequence is as follows:
•
On Windows NT:
•
On Unix:
\n
How PINs Are Stored in the Directory
Each PIN is concatenated with the corresponding user's LDAP attribute named in
the
argument. If this argument is not specified, the DN of the user
saltattribute
is used. Then, this string is hashed with the hash routine specified in the hash
argument (the default selection is SHA-1).
Then, one byte is prepended to indicate the hash type used. Here's how the PIN
gets stored:
byte[0] = X
The value of
depends on the hash algorithm chosen during the PIN generation
X
process:
if the hash algorithm chosen is
X=0
if the hash algorithm chosen is
X=1
if the hash algorithm chosen is
X=45
, are optional. The record ends with a blank line. The end
\r\n
SHA-1
.
MD5
none
.
.
Chapter 4
PIN Generator Tool
How the Tool Works
37
Advertisement
Table of Contents
