You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by joewitt <gi...@git.apache.org> on 2016/04/19 05:48:56 UTC

[GitHub] nifi pull request: NIFI-1614 File Identity Provider implementation

Github user joewitt commented on the pull request:

    https://github.com/apache/nifi/pull/267#issuecomment-211716593
  
    @jvwing @alopresto Have you had a chance to re-engage on this?  It seems like a reasonable easy-path option for folks just wanting to use some simple/local username and password based setup.  My responses to the questions James posed:
    
    What is required to make this viable?
    - This discussion appears on track
    
    Is there a better medium than bcrypt that combines widespread tool support with decent encryption.
    - Sounds like you and Andy both see it as a good option.
    
    Are we open to including a command-line user admin tool?
    - In my opinion we should be consistent that administrative actions occur by editing files on the command line in the less optimal case and interacting through a designed/intentional UX in the best case.  We should strive to move away from config file based options and move fully towards service/REST API driven approaches.  These will serve us better in clustered/cloud type environments as well.
    
    Are we open to including a sample credentials file? Where would you recommend it go?
    - Absolutely.  In conf directory like the others of its type.  I think an argument could be made to have this username/password driven mode be the default.
    
    Are we open to documenting this identity provider on the front-page of the Admin Guide alongside X.509 and LDAP? Where else should I do so?
    - We must do so.  We should fully embrace this as an option and document what it is good for and not good for.  Our current default of having no authentication at all is what we should be working to eliminate.  I think this offers us a good first step to do that.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---