Automated Enrollment
Creating Pins
The pin tool performs the following functions:
• Adds the necessary schema for pins to the LDAP directory.
• Adds a pin manager user who has read-write permissions to the pins that are set up.
• Sets up ACIs to allow for pin removal once the pin has been used, giving read-write permissions for pins to the pin manager, and preventing users from creating or changing pins.
• Creates pins in each user entry.
The pin tool is located in the following directory:
<server_root>/bin/cert/tools
This tool comes with its own documentation in this location, and is also
documented in the CMS Command-Line Tools Guide.
To use the pin tool:
1. Go to the following directory:
<server_root>/bin/cert/tools
2. Open the setpin.conf file in a text editor.
3. Follow the instructions outlined in the file and make the appropriate changes. Typically, you will need to update the Directory Server's host name, Directory Manager's bind password, and PIN manager's password.
4. Run the setpin command with its optfile option pointing to the setpin.conf file (setpin optfile=setpin.conf).
The tool modifies the schema with a new attribute (by default, pin) and a new object class (by default, pinPerson), creates a pinmanager user, and sets the ACI to allow only the pinmanager user to modify the pin attribute.
5. If you want to generate PINs for specific user entries, or want to provide your own PINs, you can add these pins using an input file. For information on constructing an input file, see the PIN Generator documentation.
6. Run the setpin command to create hashed pins in the directory.
You can run the tool first without the write option to generate a list of pins without actually changing the directory.
For example:

Netscape Certificate Management System Administrator's Guide • February 2003