Matt,

Here you go:

- 2-factor Google Authenticator to supplement password auth (e.g. to strengthen password with mobile phone one-time ID or other support strong auth options)
- reCAPTCHA required after N failed password login attempts to block brute force attacks (e.g. 5 failed logins, then captcha required)
- Password strength policies
- PAM support provides pluggable authentication options, at least for Linux (better than locally stored passwords)
- Active Directory Kerberos integration (Windows native and Linux)

If passwords are to be stored locally, they must be encrypted.

Hope that helps.

Rick

> On Oct 5, 2015, at 8:34 PM, Matt Gilman <[email protected]> wrote:
>
> All,
>
> I've started working on providing additional authentication mechanisms for
> the NiFi user interface. Currently, only two-way SSL using client
> certificates is supported to authenticate users. I would like to inquire
> about which other mechanisms the community would like to see implemented.
>
> We have created a feature proposal discussing some of the options [1]. At a
> high level, in addition to PKI, we are looking at
>
> - Username/password
> -- stored in a local configuration file (i.e. authorized-users.xml)
> -- stored in a configurable LDAP
> -- stored in a configurable database
> - Kerberos
> - OpenID Connect
>
> What other options are important and should be added to the list? Thanks!
>
> Matt
>
> [1]
> https://cwiki.apache.org/confluence/display/NIFI/Pluggable+Authentication
