[
https://issues.apache.org/jira/browse/AIRFLOW-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16700940#comment-16700940
]
Bolke de Bruin commented on AIRFLOW-3164:
-----------------------------------------
Because the user in this respect can't really be trusted. We have already had
reports of people leaving their Airflow installations wide open.
We give you the choice by implementing your own auth backend but then you are
really on your own.
On your note on FAB's usage in Airflow. FAB still supports non TLS indeed, but
we should maybe consider suggesting a patch that disables it. You have plenty
of time to test it without being required to use it and you are not required to
upgrade if you don't want. We just don't want to maintain two UIs side by side.
Long story short: enable TLS on your LDAP server it is not hard to do and it is
best practice. There is no reason not to.
> verify certificate of LDAP server
> ---------------------------------
>
> Key: AIRFLOW-3164
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3164
> Project: Apache Airflow
> Issue Type: Bug
> Reporter: Bolke de Bruin
> Priority: Blocker
> Fix For: 1.10.1
>
>
> Currently we dont verify the certificate of the Ldap server this can lead to
> security incidents.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
