Hi, I think all processors acting as clients do isolate Kerberos keytabs and client certificates.
The Kafka situation is a current design limitation of Kafka, not NiFi. The good news is there's an effort underway to have Kafka not rely on global singleton config and specify those per connection instead. But this is more in the Kafka 0.11.x line. Andrew On Fri, Feb 24, 2017, 4:23 PM hunter morgan <[email protected]> wrote: > thanks for the links. > > i'm thinking that having the option of getting a template out of it or > running in minifi would be good enough. i was sad to find that the rest api > didn't seem to be included in minifi, so with it, accessible template > export. i'm gonna look at that this weekend. glad to have more direction. > > yeah there is an impedance mismatch so far. but the minifi yaml config > looks > like the closest official completed work to such a workflow. i have mixed > feelings about the flow repository stuff that's going on, but that's > probably because i'm a dev that likes my existing tools (git, vi, cli > goodness). > > it's hard to provide secure multitenant capability in nifi and isolate > keytabs/jass/keystores between users, especially when processors use code > (like kafka clients) that require or document using jvm opts to configure > global jaas. > > > also i think i wasn't joined to the list or something, so i should find out > quicker next time there's a response. > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/flow-as-code-and-minify-scaling-isolation-tp14564p14963.html > Sent from the Apache NiFi Developer List mailing list archive at > Nabble.com. >
