Github user joewitt commented on the pull request:
https://github.com/apache/nifi/pull/267#issuecomment-211716593
@jvwing @alopresto Have you had a chance to re-engage on this? It seems
like a reasonable easy-path option for folks just wanting to use some
simple/local username and password based setup. My responses to the questions
James posed:
What is required to make this viable?
- This discussion appears on track
Is there a better medium than bcrypt that combines widespread tool support
with decent encryption.
- Sounds like you and Andy both see it as a good option.
Are we open to including a command-line user admin tool?
- In my opinion we should be consistent that administrative actions occur
by editing files on the command line in the less optimal case and interacting
through a designed/intentional UX in the best case. We should strive to move
away from config file based options and move fully towards service/REST API
driven approaches. These will serve us better in clustered/cloud type
environments as well.
Are we open to including a sample credentials file? Where would you
recommend it go?
- Absolutely. In conf directory like the others of its type. I think an
argument could be made to have this username/password driven mode be the
default.
Are we open to documenting this identity provider on the front-page of the
Admin Guide alongside X.509 and LDAP? Where else should I do so?
- We must do so. We should fully embrace this as an option and document
what it is good for and not good for. Our current default of having no
authentication at all is what we should be working to eliminate. I think this
offers us a good first step to do that.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
