Github user alopresto commented on the pull request:

    https://github.com/apache/nifi/pull/267#issuecomment-195651563
  
    @jvwing James, you've obviously put effort and thought into this and I didn't mean to deride it. I am working to get the Kerberos authentication completed for the release, but I will re-visit this as soon as I finish up with that.

    I think historically, user management and authentication has been "certificates or bust" from the NiFi point of view, delegating that responsibility to tools more focused on that concern. LDAP integration was just recently added, and Kerberos is obviously yet to be delivered.

    Off the top of my head, Bcrypt is definitely a strong candidate for the password hashing (single-iteration SHA-256 is essentially the same as plaintext), the certificate support is fairly well-documented in the [Admin Guide](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration), keystores are not user-editable flat files and are password-protected by default, and there are substantial third-party resources surrounding the documentation of "securing a NiFi instance" from various organizations.

