
What is the reason for using "user_Id:password" for PKCS11 when it only accepts a pin?

With respect to Oracle Database 11g transparent data encryption (TDE) with HSM, I understand that the following command is used to set the master encryption key. However, why does a user_Id have to be specified when the PKCS#11 library for the corresponding HSM only requires a PIN?

SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "user_Id:password"


CK_DEFINE_FUNCTION(CK_RV, C_Login)(
                                       CK_SESSION_HANDLE hSession,
                                       CK_USER_TYPE userType,
                                       CK_UTF8CHAR_PTR pPin,
                                       CK_ULONG ulPinLen
                                   );

C_Login requires User Type as one of its inputs? Is that what you are asking about?

Instead, if it is UserID, then the application will have provision for many users who will have various access privileges; these access privileges will be tied to the user. It's more like many user profiles in Windows, so that a few users will have less access and a few will have more access. This MAY be a reason.


The following answer is as quoted from Oracle Forum.

"SQL> alter system set ... identified by "HSM_auth_string"; where "HSM_auth_string" can be "user_name:password", a "PIN", or just a "Password"."
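
Added example, not part of the answers above and not Oracle's or any HSM vendor's code: the only credential-carrying parameters of C_Login are pPin and ulPinLen, so the mock below shows how a "user_name:password" string and a bare PIN can both travel in that one counted byte string. `mock_login`, `login_with_auth_string`, the sample accounts and the assumption that the auth string is passed through unsplit are all hypothetical.

```c
#include <string.h>

/* Local stand-ins for the PKCS#11 names in the prototype above; a real
   build takes them from pkcs11.h. Numeric values are the spec's. */
typedef unsigned long CK_ULONG, CK_RV, CK_USER_TYPE;
typedef unsigned char CK_UTF8CHAR;
#define CKR_OK                0x000UL
#define CKR_PIN_INCORRECT     0x0A0UL
#define CKR_USER_TYPE_INVALID 0x103UL
#define CKU_USER              1UL

/* Constructed sample accounts for the mock token (not real credentials). */
static const struct { const char *name, *secret; } accounts[] = {
    { "",        "1234"   },  /* single unnamed user: a bare PIN */
    { "tde_usr", "s3cr3t" },  /* named user: "tde_usr:s3cr3t" */
};

/* Compare secrets without an early exit on the first differing byte. */
static int ct_eq(const void *a, const void *b, size_t n) {
    const unsigned char *x = a, *y = b;
    unsigned char d = 0;
    while (n--) d |= (unsigned char)(*x++ ^ *y++);
    return d == 0;
}

/* Hypothetical token-side check: C_Login's parameters minus the session handle. */
CK_RV mock_login(CK_USER_TYPE userType, const CK_UTF8CHAR *pPin, CK_ULONG ulPinLen) {
    if (userType != CKU_USER) return CKR_USER_TYPE_INVALID; /* a role, not a name */
    if (pPin == NULL || ulPinLen == 0) return CKR_PIN_INCORRECT;
    const CK_UTF8CHAR *sep = memchr(pPin, ':', ulPinLen);   /* first ':' ends the name */
    if (sep == pPin) return CKR_PIN_INCORRECT;              /* ":secret" has no name */
    size_t nameLen = sep ? (size_t)(sep - pPin) : 0;
    const CK_UTF8CHAR *secret = sep ? sep + 1 : pPin;
    size_t secretLen = sep ? ulPinLen - nameLen - 1 : ulPinLen;
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strlen(accounts[i].name) == nameLen &&
            memcmp(accounts[i].name, pPin, nameLen) == 0 &&
            strlen(accounts[i].secret) == secretLen &&
            ct_eq(accounts[i].secret, secret, secretLen))
            return CKR_OK;
    return CKR_PIN_INCORRECT;
}

/* Application side: pass the auth string through unchanged as the "PIN". */
CK_RV login_with_auth_string(const char *auth) {
    if (auth == NULL) return CKR_PIN_INCORRECT;
    return mock_login(CKU_USER, (const CK_UTF8CHAR *)auth, (CK_ULONG)strlen(auth));
}
```

Note that userType selects a role (such as CKU_USER), while any account name exists only inside the PIN bytes and is meaningful only to a library that chooses to parse it.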
