You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Adam B (JIRA)" <ji...@apache.org> on 2015/10/20 22:50:27 UTC
[jira] [Commented] (MESOS-3024) HTTP endpoint authN is enabled
merely by specifying --credentials
[ https://issues.apache.org/jira/browse/MESOS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14965727#comment-14965727 ]
Adam B commented on MESOS-3024:
-------------------------------
See also the work that [~arojas] is doing for HTTP Authentication in MESOS-2297.
I think we can start by introducing a `--authenticate_webui` flag or instead use ACLs to determine when to do webui authn.
> HTTP endpoint authN is enabled merely by specifying --credentials
> -----------------------------------------------------------------
>
> Key: MESOS-3024
> URL: https://issues.apache.org/jira/browse/MESOS-3024
> Project: Mesos
> Issue Type: Bug
> Components: master, security
> Reporter: Adam B
> Assignee: Marco Massenzio
> Labels: authentication, http, mesosphere
>
> If I set `--credentials` on the master, framework and slave authentication are allowed, but not required. On the other hand, http authentication is now required for authenticated endpoints (currently only `/shutdown`). That means that I cannot enable framework or slave authentication without also enabling http endpoint authentication. This is undesirable.
> Framework and slave authentication have separate flags (`\--authenticate` and `\--authenticate_slaves`) to require authentication for each. It would be great if there was also such a flag for framework authentication. Or maybe we get rid of these flags altogether and rely on ACLs to determine which unauthenticated principals are even allowed to authenticate for each endpoint/action.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)