mesos-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sivaram Kannan <sivara...@gmail.com>
Subject Re: Who is the user in Mesos Authorization ACL definition?
Date Mon, 09 Mar 2015 05:21:22 GMT
Hi Vinod,

Thanks, I got it. I guess I did not understand the relationship between
principals defined in authentication and in authorization.  I re-read the
authentication and credentials flag, it is not clear from them that the
principals defined in authorization should match them to work correctly. If
I could, will change the documentation to be more clear and submit a PR.

Thanks,
./Siva.

On Mon, Mar 9, 2015 at 2:18 AM, Vinod Kone <vinodkone@apache.org> wrote:

> The principal used for authenticating the framework is the same principal
> used to authorize the framework too. So you need to use 'marathon' in your
> credentials too. In other words, when you start the framework the
> Credential.principal should be the same as FrameworkInfo.principal (Mesos
> master will validate this).
>
> On Sun, Mar 8, 2015 at 10:48 AM, Sivaram Kannan <sivaramsk@gmail.com>
> wrote:
>
>> I0308 17:41:14.876610     6 master.cpp:1342] Authorizing framework
>> principal 'user1' to receive offers for role 'apps'
>>
>
> As you can see from this line, the master is trying to authorize principal
> 'user1' and not 'marathon'.
>



-- 
ever tried. ever failed. no matter.
try again. fail again. fail better.
        -- Samuel Beckett

Mime
View raw message