[
https://issues.apache.org/jira/browse/NIFI-1614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15247127#comment-15247127
]
ASF GitHub Bot commented on NIFI-1614:
--------------------------------------
Github user joewitt commented on the pull request:
https://github.com/apache/nifi/pull/267#issuecomment-211716593
@jvwing @alopresto Have you had a chance to re-engage on this? It seems
like a reasonable easy-path option for folks just wanting to use some
simple/local username and password based setup. My responses to the questions
James posed:
What is required to make this viable?
- This discussion appears on track
Is there a better medium than bcrypt that combines widespread tool support
with decent encryption.
- Sounds like you and Andy both see it as a good option.
Are we open to including a command-line user admin tool?
- In my opinion we should be consistent that administrative actions occur
by editing files on the command line in the less optimal case and interacting
through a designed/intentional UX in the best case. We should strive to move
away from config file based options and move fully towards service/REST API
driven approaches. These will serve us better in clustered/cloud type
environments as well.
Are we open to including a sample credentials file? Where would you
recommend it go?
- Absolutely. In conf directory like the others of its type. I think an
argument could be made to have this username/password driven mode be the
default.
Are we open to documenting this identity provider on the front-page of the
Admin Guide alongside X.509 and LDAP? Where else should I do so?
- We must do so. We should fully embrace this as an option and document
what it is good for and not good for. Our current default of having no
authentication at all is what we should be working to eliminate. I think this
offers us a good first step to do that.
> Simple Username/Password Authentication
> ---------------------------------------
>
> Key: NIFI-1614
> URL: https://issues.apache.org/jira/browse/NIFI-1614
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: James Wing
> Priority: Minor
>
> NiFi should include a simple option for username/password authentication
> backed by a local file store. NiFi's existing certificate and LDAP
> authentication schemes are very secure. However, the configuration and setup
> is complex, making them more suitable for long-lived corporate and government
> installations, but less accessible for casual or short-term use. Simple
> username/password authentication would help more users secure more NiFi
> installations beyond anonymous admin access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
