General_considerations#

This page covers questions that plugin developers that want to extend FreeIPA should consider.

Please use Design page template for your proposal. Following list of questions can help you to find holes in the design. The proposed design should be linked from V4 Proposals section.

Security#

  • Does your solution introduce any security risk to the overall product?

  • Are ACIs well thought through and properly implemented?

  • Do you need to use clear text passwords, or otherwise any different method to perform authentication or store password hashes than what is already available in ipa ? Do you need to give clients access to the directory or other IPA controlled services using these alternative credentials or authentication methods? Why ?

  • Do you need to implement special new crypto functions? Why?

  • Does your plugin work in FIPS mode? (not a requirement at the moment)