bbende commented on PR #6984: URL: https://github.com/apache/nifi/pull/6984#issuecomment-1440395671
Also one more reference point is the description of the env var from nifi-env.sh ``` # Set to false to force the use of Keytab controller service in processors # that use Kerberos. If true, these processors will allow configuration of keytab # and principal directly within the processor. If false, these processors will be # invalid if attempting to configure these properties. This may be advantageous in # a multi-tenant environment where management of keytabs should be performed only by # a user with elevated permissions (i.e., users that have been granted the 'ACCESS_KEYTAB' # restriction). ``` So the idea is if you set `NIFI_ALLOW_EXPLICIT_KEYTAB=false`, then you are forced to use a `KerberosCredentialsService` or `KerberosUserService`, so we can't make those invalid. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org