Configure Kerberos Authentication

Both NiFi and NiFi Registry support authentication supported by Kerberos/Spnego.

Perform these steps in both the NiFi and NiFi Registry configuration fields.
  1. In the Enable Kerberos Authentication field, click the box for the CFM service.
  2. In the Identity Providers: Default Kerberos Identity Property - Default Realm field, enter the KDC realm.
  3. If this is your initial security setup, you can set the Initial Admin Identity to a Kerberos user.
  4. Restart each of the CFM services.

    For Kerberos, the default Kerberos provider is used. You may keep nifi.security.user.login.identity.provider value blank or set it to kerberos-provider. Cloudera Manager sets this value to kerberos-provider by default.

When the login screen displays, you may confirm your login with a KDC user.