How to Manage Third-Party Plugins in KMF
You identify your plugin by giving it a keystore name. When you add the plugin to KMF, the software identifies it by its keystore name. The plugin can be defined to accept an option. This procedure includes how to remove the plugin from KMF.
-
Install the plugin.
% /usr/bin/kmfcfg install keystore=keystore-name \ modulepath=path-to-plugin [option="option-string"]
where
keystore-name – Is a unique name for the keystore that you provide.
path-to-plugin – Is the full path to the shared library object for the KMF plugin.
option-string – Is an optional argument to the shared library object.
-
List the plugins.
% kmfcfg list plugin keystore-name:path-to-plugin [(built-in)] | [;option=option-string]
-
To remove the plugin, uninstall it and verify its removal.
% kmfcfg uninstall keystore=keystore-name % kmfcfg plugin list
Example 15–6 Calling a KMF Plugin With an Option
In the following example, the administrator stores a KMF plugin in a site-specific directory. The plugin is defined to accept a debug option. The administrator adds the plugin and verifies that the plugin is installed.
# /usr/bin/kmfcfg install keystore=mykmfplug \ modulepath=/lib/security/site-modules/mykmfplug.so # kmfcfg list plugin KMF plugin information: ----------------------- pkcs11:kmf_pkcs11.so.1 (built-in) file:kmf_openssl.so.1 (built-in) nss:kmf_nss.so.1 (built-in) mykmfplug:/lib/security/site-modules/mykmfplug.so # kmfcfg modify plugin keystore=mykmfplug option="debug" # kmfcfg list plugin KMF plugin information: ----------------------- ... mykmfplug:/lib/security/site-modules/mykmfplug.so;option=debug |
The plugin now runs in debugging mode.
- © 2010, Oracle Corporation and/or its affiliates