Netscape MANAGEMENT SYSTEM 6.0 - COMMAND-LINE Manual page 35

• Assume that you have set PINs for all entries in the user directory. Two new
users joined your organization and you updated the directory with new users'
information. For the new users to get certificates, the directory must contain
PINs. And you want to set PINs for just those user entries without making
changes to any of the other user entries. Instead of constructing a complex
LDAP filter to filter out just these two entries, you can construct a general filter,
put the two users' DNs in the input file, and run the PIN Generator.
• Assume that you want your users to use their social security numbers as PINs.
You can enter users' social security numbers as PINs in the input file, and the
PIN Generator will store them as hashed values in the directory.
The format of the input file is the same as that of the output file (see "Output File"
on page 36), with the omission of the status line. In the input file, you can choose to
specify PINs for all the DNs in the file, for specific DNs, or for none of the DNs. If
the PIN attribute is missing for a DN, the tool automatically generates a random
PIN.
For example, you can set up your input file to look like this:
dn:cn=user1, o=example.com
<blank line>
dn:cn=user2, o=example.com
<blank line>
...
dn:cn=user3, o=example.com
You can also provide PINs, in plain-text format, for the DNs in the input file, which
is then hashed according to the command-line arguments. For example, you can set
up your input file to look like this:
dn:cn=user1, o=example.com
pin:pl229Ab
<blank line>
dn:cn=user2, o=example.com
pin:9j65dSf
<blank line>
...
dn:cn=user3, o=example.com
pin:3knAg60
<blank line>
How the Tool Works
Chapter 4 PIN Generator Tool 35