You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by joewitt <gi...@git.apache.org> on 2018/08/10 18:38:41 UTC
[GitHub] nifi issue #2944: [WIP] NIFI-5506 - support disabling wantClientAuth for use...
Github user joewitt commented on the issue:
https://github.com/apache/nifi/pull/2944
On the PR:
- Small things:
1) The message has the wrong JIRA number
2) The default of false is incorrect and should be true to remain consistent with current usage.
Bigger concern:
The design of NiFi security model as discussed in the previous discussion thread is important to consider here. Have you tested that a secure NiFi cluster, cluster replication, and site-to-site capabilities function in this configuration? Can you elaborate on the testing conducted? It is believed these would all break under this code change and configuration.
We need to have a more formal feature related discussion on how to get from where we are to where we need to be to properly support this. Your use case is a perfectly good one to support but to get there we cannot break what we do support today.
---