Both NiFi and NiFi Registry support authentication supported by Kerberos/Spnego.
Perform these steps in both the NiFi and NiFi Registry
configuration fields.
-
In the Enable Kerberos Authentication field, click the
box for the CFM service.
-
In the Identity Providers: Default Kerberos Identity Property -
Default Realm field, enter the KDC realm.
-
If this is your initial security setup, you can set the Initial
Admin Identity to a Kerberos user.
-
Restart each of the CFM services.
For Kerberos, the default Kerberos provider is used. You may keep
nifi.security.user.login.identity.provider value blank
or set it to kerberos-provider. Cloudera Manager sets this
value to kerberos-provider by default.
When the login screen displays, you may confirm your login
with a KDC user.
