Kerberos
Below is an example and description of configuring an Identity Provider that integrates with a Kerberos Key Distribution Center (KDC) to authenticate users.
Set the following in nifi-registry.properties to enable Kerberos username/password authentication:
nifi.registry.security.user.identity.provider=kerberos-identity-provider
Modify identity-providers.xml to enable the kerberos-identity-provider. Here is the sample provided in the file:
<provider>
    <identifier>kerberos-identity-provider</identifier>
    <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
    <property name="Default Realm">NIFI.APACHE.ORG</property>
    <property name="Authentication Expiration">12 hours</property>
    <property name="Enable Debug">false</property>
</provider>
The kerberos-identity-provider has the following properties:
| Property Name | Description |
|---|---|
| Enable Debug | Enables debug logging output for the SunJaasKerberosClient used internally by the KerberosIdentityProvider. By default, this is set to |
| Default Realm | Default realm to provide when user enters incomplete user principal (i.e. |
| Authentication Expiration | The duration for which the user authentication is valid. If the user never logs out, they will be required to log back in following this duration. |
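The two files above must agree: the identifier named in nifi-registry.properties has to match an active provider in identity-providers.xml. The following check is an added example, not part of NiFi Registry; the function name, the `<identityProviders>` wrapper element, the "number plus unit" duration pattern and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PROP_KEY = "nifi.registry.security.user.identity.provider"
KERBEROS_CLASS = ("org.apache.nifi.registry.web.security.authentication."
                  "kerberos.KerberosIdentityProvider")

# Constructed sample inputs mirroring the snippets on this page.
SAMPLE_PROPERTIES = PROP_KEY + "=kerberos-identity-provider\n"
SAMPLE_PROVIDERS = """<identityProviders>
  <provider>
    <identifier>kerberos-identity-provider</identifier>
    <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
    <property name="Default Realm">NIFI.APACHE.ORG</property>
    <property name="Authentication Expiration">12 hours</property>
    <property name="Enable Debug">false</property>
  </provider>
</identityProviders>"""

def check_kerberos_config(properties_text, providers_xml):
    """Return a list of findings; an empty list means the two files agree."""
    props = {}
    for line in properties_text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    selected = props.get(PROP_KEY, "")
    if not selected:
        return [f"{PROP_KEY} is not set"]
    # XML comments are skipped by the parser, so a provider that is still
    # commented out in the file is reported as missing.
    root = ET.fromstring(providers_xml)
    provider = next((p for p in root.iter("provider")
                     if (p.findtext("identifier") or "").strip() == selected), None)
    if provider is None:
        return [f"no <provider> with identifier '{selected}' is enabled"]
    findings = []
    if (provider.findtext("class") or "").strip() != KERBEROS_CLASS:
        findings.append("provider class is not KerberosIdentityProvider")
    values = {p.get("name"): (p.text or "").strip() for p in provider.findall("property")}
    if not re.fullmatch(r"\d+\s*[A-Za-z]+", values.get("Authentication Expiration", "")):
        findings.append("Authentication Expiration is not '<number> <unit>'")
    if values.get("Enable Debug", "false").lower() != "false":
        findings.append("Enable Debug is not 'false' (the sample value)")
    return findings
```

Run it against the real file contents before restarting the service; a non-empty result names the setting to fix.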

