If you don’t mind, what is the use case where keytabs aren’t working for you? I’ve always found them easier since I don’t think you can setup passwords for service principals only user principals.
Thanks Shawn From: Pat White <patwh...@verizonmedia.com> Date: Thursday, January 23, 2020 at 4:46 PM To: Shawn Weeks <swe...@weeksconsulting.us> Cc: "dev@nifi.apache.org" <dev@nifi.apache.org>, Paul Poulosky <ppoul...@verizonmedia.com> Subject: Re: Any work planned for adding Kerberos pkinit support? Wow, a lot of work on this! Thank you very much Shawn, and my apologies for completely missing the Jiras, thanks for the help. patw On Thu, Jan 23, 2020 at 4:23 PM Shawn Weeks <swe...@weeksconsulting.us<mailto:swe...@weeksconsulting.us>> wrote: Password based Kerberos is in the works and might have made it in 1.11. I’ve been seeing the pull requests for a while now. Thanks Shawn Sent from my iPhone > On Jan 23, 2020, at 11:22 AM, Pat White > <patwh...@verizonmedia.com<mailto:patwh...@verizonmedia.com>.invalid> wrote: > > Hi Folks, > > Is there any support for Kerberos authentication using Pkinit versus > keytabs, now or planned? > > Don't believe i saw anything documented, in Jira or in the src yet, but > wanted to ask in case i've missed something. Specifically looking at use by > processors, such as a service like the KeytabCredentialsService, as > opposed to user or ZK authentication. > > If not, any thoughts on an implementation approach? It seemed as though > creating a peer service, or adding an x509 API to the existing service was > reasonable, however it looks like significant work is needed to have > Kerberos aware processors support both credential schemes. > > patw