Kerberos Properties

Property

Description

nifi.registry.kerberos.krb5.file

The location of the krb5 file, if used. It is blank by default. At this time, only a single krb5 file is allowed to be specified per NiFi instance, so this property is configured here to support SPNEGO and service principals rather than in individual Processors. If necessary the krb5 file can support multiple realms. Example: /etc/krb5.conf

nifi.registry.kerberos.spnego.principal

The name of the NiFi Registry Kerberos SPNEGO principal, if used. It is blank by default. Note that this property is used to authenticate NiFi Registry users. Example: HTTP/nifi.registry.example.com or HTTP/nifi.registry.example.com@EXAMPLE.COM

nifi.registry.kerberos.spnego.keytab.location

The file path of the NiFi Registry Kerberos SPNEGO keytab, if used. It is blank by default. Note that this property is used to authenticate NiFi Registry users. Example: /etc/http-nifi-registry.keytab

nifi.registry.kerberos.spengo.authentication.expiration

The expiration duration of a successful Kerberos user authentication, if used. The default value is 12 hours.