Github user pepov commented on the issue:
https://github.com/apache/nifi/pull/2866
All in all if I was right in the previous comment I would highlight that
this is the convenience method and is not the most secure way to authenticate
against Kerberos since it requires the users to give out their passwords (even
if it's over a TLS encrypted connection) and NiFi needs direct access to the
KDC. Both of these can be avoided using the SPNEGO setup but this changeset
does not implement that.
@bbende please confirm or correct me here
---
