GitHub user alopresto commented on the pull request:

https://github.com/apache/nifi/pull/267#issuecomment-195651563

@jvwing James, you've obviously put effort and thought into this and I didn't mean to deride it. I am working to get the Kerberos authentication completed for the release, but I will re-visit this as soon as I finish up with that.

I think historically, user management and authentication has been "certificates or bust" from the NiFi point of view, delegating that responsibility to tools more focused on that concern. LDAP integration was just recently added, and Kerberos is obviously yet to be delivered.

Off the top of my head, Bcrypt is definitely a strong candidate for the password hashing (single-iteration SHA-256 is essentially the same as plaintext), the certificate support is fairly well-documented in the [Admin Guide](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration), keystores are not user-editable flat files and are password-protected by default, and there are substantial third-party resources surrounding the documentation of "securing a NiFi instance" from various organizations.