You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by joewitt <gi...@git.apache.org> on 2018/08/10 18:38:41 UTC

[GitHub] nifi issue #2944: [WIP] NIFI-5506 - support disabling wantClientAuth for use...

Github user joewitt commented on the issue:

    https://github.com/apache/nifi/pull/2944
  
    On the PR:
    - Small things:
    1) The message has the wrong JIRA number
    2) The default of false is incorrect and should be true to remain consistent with current usage.
    
    Bigger concern:
    The design of NiFi security model as discussed in the previous discussion thread is important to consider here. Have you tested that a secure NiFi cluster, cluster replication, and site-to-site capabilities function in this configuration?  Can you elaborate on the testing conducted?  It is believed these would all break under this code change and configuration.
    
    We need to have a more formal feature related discussion on how to get from where we are to where we need to be to properly support this.  Your use case is a perfectly good one to support but to get there we cannot break what we do support today.



---