[
https://issues.apache.org/jira/browse/NIFI-8816?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18042840#comment-18042840
]
ASF subversion and git services commented on NIFI-8816:
-------------------------------------------------------
Commit 3fe2c472a3931258ed8db0fef468a487a8583f1e in nifi's branch
refs/heads/main from Rajmund Takács
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=3fe2c472a3 ]
NIFI-8816 Set custom krb5.conf System Property for NiFi Registry when
configured (#10582)
NiFi Registry ignored the `nifi.registry.kerberos.krb5.file` property and
always relied on the system-level `krb5.conf`, so Kerberos deployments
with non-standard config paths failed.
During bootstrap the runtime now reads `getKerberosConfigurationFile()`
from `NiFiRegistryProperties`, sets `java.security.krb5.conf` before
Jetty initialization, and logs the resolved path so operators can
verify the override.
Signed-off-by: David Handermann <[email protected]>
> Kerberos cannot be enabled without also enabling SPNEGO
> -------------------------------------------------------
>
> Key: NIFI-8816
> URL: https://issues.apache.org/jira/browse/NIFI-8816
> Project: Apache NiFi
> Issue Type: Bug
> Components: NiFi Registry
> Reporter: Jeff Storck
> Assignee: Rajmund Takacs
> Priority: Major
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Kerberos cannot be enabled without additionally configuring SPNEGO by setting
> *{{nifi.registry.kerberos.spnego.principal}}* and
> *{{nifi.registry.kerberos.spnego.keytab.location}}* in
> *{{nifi-registry.properties}}*.
> NiFi Registry should be able to use Kerberos to authenticate users by
> minimally setting *{{nifi.registry.kerberos.krb5.file}}*, without enabling
> SPNEGO.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
