You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2016/05/25 21:10:14 UTC

[jira] [Commented] (MESOS-5450) Make the SASL dependency optional.

    [ https://issues.apache.org/jira/browse/MESOS-5450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15300851#comment-15300851 ] 

Till Toenshoff commented on MESOS-5450:
---------------------------------------

Let's please adapt the above description and set straight that we do have a pluggable authentication layer -- in fact, we actually have it for both, V0 and V1 (HTTP) authentication.

I would also like to propose adding a long term solution, minimizing the platform specifics within Mesos core.

How about this:

We remove the default implementation of the authentication which makes SASL a hard dependency of libmesos right now. We ship the CRAM-MD5 authenticator module with Mesos, allowing installation just like we already do with other modules. We disable installing and building of the CRAM-MD5 authenticator for Windows. 

All of this only needs platform specific patches in our build env - not in the code.

Then, instead of disabling authentication within Mesos for Windows as it is now proposed in a short termed solution, we actually add a trivial, not perfectly flexible but usable authentication module. Please mind that one great advantage of using SASL is the mechanism negotiation. Lets call this new variant our “test-authentication" for now. That one will get included in all builds of Mesos, also within the Windows variant. For Windows, it would be the default authentication, for other platforms we stick with CRAM-MD5 by default but still offer the "test-authentication" as an option to be selected by the user when starting up the runnables (master, agent and framework).

Such authenticator / authenticatee pair might also pose as a great example and starting point for other developers, intending to add custom authentication variants not supported by SASL (or simply without SASL for any reason).


> Make the SASL dependency optional.
> ----------------------------------
>
>                 Key: MESOS-5450
>                 URL: https://issues.apache.org/jira/browse/MESOS-5450
>             Project: Mesos
>          Issue Type: Bug
>          Components: slave
>            Reporter: Alex Clemmer
>            Assignee: Alex Clemmer
>              Labels: mesosphere
>
> Right now there is a hard dependency on SASL, which probably won't work well on Windows (at least) in the near future for our use cases.
> In the future, it would be nice to have a pluggable authentication layer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)