Thanks Rick. If you were to say which of that you'd want 'first' and then which you can see coming later please advise.
All: Please do just that - let us know which you need 'now' and which you can wait on. Thanks Joe On Mon, Oct 5, 2015 at 9:53 PM, Rick Braddy <[email protected]> wrote: > Matt, > > Here you go: > > - 2-factor Google Authenticator to supplement password auth (e.g. to > strengthen password with mobile phone onetime ID or other support strong auth > options) > > - Recaptcha required after N failed password login attempts to block brute > force attacks (e.g. 5 failed logins, then captcha required) > > - Password strength policies > > - PAM support provides pluggable authentication options, at least for Linux > (better than locally stored passwords) > > - Active Directory Kerberos integration (Windows native and Linux) > > If passwords to be stored locally, must be encrypted. > > Hope that helps. > > Rick > >> On Oct 5, 2015, at 8:34 PM, Matt Gilman <[email protected]> wrote: >> >> All, >> >> I've started working on providing additional authentication mechanisms for >> the NiFi user interface. Currently, only two way SSL using client >> certificates is supported to authenticate users. I would like to inquire >> about which other mechanisms the community would like to see implemented. >> >> We have created a feature proposal discussing some of the options [1]. At a >> high level, in additional to PKI, we are looking at >> >> - Username/password >> -- stored in a local configuration file (ie authorized-users.xml) >> -- stored in a configurable LDAP >> -- stored in a configurable database >> - Kerberos >> - OpenId Connect >> >> What other options are important and should be added to the list? Thanks! >> >> Matt >> >> [1] >> https://cwiki.apache.org/confluence/display/NIFI/Pluggable+Authentication
