You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Adam B (JIRA)" <ji...@apache.org> on 2017/02/10 03:57:41 UTC

[jira] [Commented] (MESOS-7097) Framework credentials can be used to register as an agent.

    [ https://issues.apache.org/jira/browse/MESOS-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15860647#comment-15860647 ] 

Adam B commented on MESOS-7097:
-------------------------------

Sounds great! Maybe we can finally get rid of the master's whitelist flag (which controls offers but not registration).

> Framework credentials can be used to register as an agent.
> ----------------------------------------------------------
>
>                 Key: MESOS-7097
>                 URL: https://issues.apache.org/jira/browse/MESOS-7097
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Yan Xu
>
> Mesos uses the same credentials for all default http authenticators and the crammd5 authenticator, across clients that include frameworks, agents and operators. All authenticated clients are treated the same until the authorizer kicks in when handling specific actions.
> There's currently not an ACL that limits who can/cannot register as agents so whoever obtains the framework credentials can freely do so. The ability to register as agents should be limited to the entities with the agent credentials/principles.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)