You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/19 05:49:25 UTC

[jira] [Commented] (NIFI-1614) Simple Username/Password Authentication

    [ https://issues.apache.org/jira/browse/NIFI-1614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15247127#comment-15247127 ] 

ASF GitHub Bot commented on NIFI-1614:
--------------------------------------

Github user joewitt commented on the pull request:

    https://github.com/apache/nifi/pull/267#issuecomment-211716593
  
    @jvwing @alopresto Have you had a chance to re-engage on this?  It seems like a reasonable easy-path option for folks just wanting to use some simple/local username and password based setup.  My responses to the questions James posed:
    
    What is required to make this viable?
    - This discussion appears on track
    
    Is there a better medium than bcrypt that combines widespread tool support with decent encryption.
    - Sounds like you and Andy both see it as a good option.
    
    Are we open to including a command-line user admin tool?
    - In my opinion we should be consistent that administrative actions occur by editing files on the command line in the less optimal case and interacting through a designed/intentional UX in the best case.  We should strive to move away from config file based options and move fully towards service/REST API driven approaches.  These will serve us better in clustered/cloud type environments as well.
    
    Are we open to including a sample credentials file? Where would you recommend it go?
    - Absolutely.  In conf directory like the others of its type.  I think an argument could be made to have this username/password driven mode be the default.
    
    Are we open to documenting this identity provider on the front-page of the Admin Guide alongside X.509 and LDAP? Where else should I do so?
    - We must do so.  We should fully embrace this as an option and document what it is good for and not good for.  Our current default of having no authentication at all is what we should be working to eliminate.  I think this offers us a good first step to do that.


> Simple Username/Password Authentication
> ---------------------------------------
>
>                 Key: NIFI-1614
>                 URL: https://issues.apache.org/jira/browse/NIFI-1614
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: James Wing
>            Priority: Minor
>
> NiFi should include a simple option for username/password authentication backed by a local file store.  NiFi's existing certificate and LDAP authentication schemes are very secure.  However, the configuration and setup is complex, making them more suitable for long-lived corporate and government installations, but less accessible for casual or short-term use.  Simple username/password authentication would help more users secure more NiFi installations beyond anonymous admin access.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)