Bryan Bende created NIFI-8972:
---------------------------------
Summary: Introduce KerberosUserService
Key: NIFI-8972
URL: https://issues.apache.org/jira/browse/NIFI-8972
Project: Apache NiFi
Issue Type: Improvement
Reporter: Bryan Bende
Assignee: Bryan Bende
Previously we introduced the KerberosCredentialsService as a mechanism to
protect access to keytabs. The interface for this service was specific to
keytabs and therefore couldn't be reused when introducing password-based
Kerberos. It would also be nice to support ticket-cache based login, but we'd
have to introduce yet another service for this.
Almost every processor that does Kerberos authentication already utilizes the
KerberosUser related classes from nifi-commons, and there are implementations
for keytab, password, and ticket cache logins. We introduce a new service API
that returns an instance of KerberosUser, with corresponding implementations
for keytab, password, and ticket cache.
This new service API would replace the existing KerberosCredentialsService
which could be marked for removal on major release. In addition, we would be
able to remove all of the inline properties for pincipal, keytab, and password
from any processors/services, and solely rely on instances of the new
KerberosUserService.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
