Kerberos
Below is an example and description of configuring a Login Identity Provider that integrates with a Kerberos Key Distribution Center (KDC) to authenticate users.
<provider> <identifier>kerberos-provider</identifier> <class>org.apache.nifi.kerberos.KerberosProvider</class> <property name="Default Realm">NIFI.APACHE.ORG</property> <property name="Kerberos Config File">/etc/krb5.conf</property> <property name="Authentication Expiration">12 hours</property> </provider>
With this configuration, username/password authentication can be enabled by referencing this provider in nifi.properties.
nifi.security.user.login.identity.provider=kerberos-provider
Property Name | Description |
---|---|
| The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration. |
| Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG). |
| Absolute path to Kerberos client configuration file. |
See also Kerberos Service to allow single sign-on access via client Kerberos tickets.