1) Basic password authentication with Recaptcha after N failed logins (encrypted password storage)
2) 2-factor Google Auth option to supplement password logins
3) Active Directory / Kerberos auth (with 2-factor option as well)

> On Oct 5, 2015, at 8:56 PM, Joe Witt <[email protected]> wrote:
>
> Thanks Rick. If you were to say which of that you'd want 'first' and
> then which you can see coming later please advise.
>
> All: Please do just that - let us know which you need 'now' and which
> you can wait on.
>
> Thanks
> Joe
>
>> On Mon, Oct 5, 2015 at 9:53 PM, Rick Braddy <[email protected]> wrote:
>> Matt,
>>
>> Here you go:
>>
>> - 2-factor Google Authenticator to supplement password auth (e.g. to
>> strengthen password with mobile phone one-time ID or other support strong
>> auth options)
>>
>> - Recaptcha required after N failed password login attempts to block brute
>> force attacks (e.g. 5 failed logins, then captcha required)
>>
>> - Password strength policies
>>
>> - PAM support provides pluggable authentication options, at least for Linux
>> (better than locally stored passwords)
>>
>> - Active Directory Kerberos integration (Windows native and Linux)
>>
>> If passwords are to be stored locally, they must be encrypted.
>>
>> Hope that helps.
>>
>> Rick
>>
>>> On Oct 5, 2015, at 8:34 PM, Matt Gilman <[email protected]> wrote:
>>>
>>> All,
>>>
>>> I've started working on providing additional authentication mechanisms for
>>> the NiFi user interface. Currently, only two way SSL using client
>>> certificates is supported to authenticate users. I would like to inquire
>>> about which other mechanisms the community would like to see implemented.
>>>
>>> We have created a feature proposal discussing some of the options [1]. At a
>>> high level, in addition to PKI, we are looking at
>>>
>>> - Username/password
>>> -- stored in a local configuration file (i.e. authorized-users.xml)
>>> -- stored in a configurable LDAP
>>> -- stored in a configurable database
>>> - Kerberos
>>> - OpenId Connect
>>>
>>> What other options are important and should be added to the list? Thanks!
>>>
>>> Matt
>>>
>>> [1]
>>> https://cwiki.apache.org/confluence/display/NIFI/Pluggable+Authentication
