mesos-issues mailing list archives

From "Adam B (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-7097) Framework credentials can be used to register as an agent.
Date Fri, 10 Feb 2017 03:57:41 GMT

    [ https://issues.apache.org/jira/browse/MESOS-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15860647#comment-15860647 ]

Adam B commented on MESOS-7097:
-------------------------------

Sounds great! Maybe we can finally get rid of the master's whitelist flag (which controls
offers but not registration).

> Framework credentials can be used to register as an agent.
> ----------------------------------------------------------
>
>                 Key: MESOS-7097
>                 URL: https://issues.apache.org/jira/browse/MESOS-7097
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Yan Xu
>
> Mesos uses the same credentials for all default http authenticators and the crammd5 authenticator, across clients that include frameworks, agents and operators. All authenticated clients are treated the same until the authorizer kicks in when handling specific actions.
> There's currently not an ACL that limits who can/cannot register as agents so whoever obtains the framework credentials can freely do so. The ability to register as agents should be limited to the entities with the agent credentials/principals.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
