You identify your plugin by giving it a keystore name. When you add the plugin to KMF, the software identifies it by its keystore name. The plugin can be defined to accept an option. This procedure includes how to remove the plugin from KMF.
% /usr/bin/kmfcfg install keystore=keystore-name \ modulepath=path-to-plugin [option="option-string"]
where
Specifies a unique name for the keystore that you provide.
Specifies the full path to the shared library object for the KMF plugin.
Specifies an optional argument to the shared library object.
% kmfcfg list plugin keystore-name:path-to-plugin [(built-in)] | [;option=option-string]
% kmfcfg uninstall keystore=keystore-name % kmfcfg plugin list
In the following example, the administrator stores a KMF plugin in a site-specific directory. The plugin is defined to accept a debug option. The administrator adds the plugin and verifies that the plugin is installed.
# /usr/bin/kmfcfg install keystore=mykmfplug \ modulepath=/lib/security/site-modules/mykmfplug.so # kmfcfg list plugin KMF plugin information: ----------------------- pkcs11:kmf_pkcs11.so.1 (built-in) file:kmf_openssl.so.1 (built-in) nss:kmf_nss.so.1 (built-in) mykmfplug:/lib/security/site-modules/mykmfplug.so # kmfcfg modify plugin keystore=mykmfplug option="debug" # kmfcfg list plugin KMF plugin information: ----------------------- ... mykmfplug:/lib/security/site-modules/mykmfplug.so;option=debug
The plugin now runs in debugging mode.