[MESOS-3024] HTTP endpoint authN is enabled merely by specifying --credentials - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.27.0
Component/s: master, security
Labels:

Target Version/s:

0.27.0
Sprint:
Mesosphere Sprint 21, Mesosphere Sprint 22
Story Points:
8

Description

If I set `--credentials` on the master, framework and slave authentication are allowed, but not required. On the other hand, http authentication is now required for authenticated endpoints (currently only `/shutdown`). That means that I cannot enable framework or slave authentication without also enabling http endpoint authentication. This is undesirable.

Framework and slave authentication have separate flags (`--authenticate` and `--authenticate_slaves`) to require authentication for each. It would be great if there was also such a flag for http authentication. Or maybe we get rid of these flags altogether and rely on ACLs to determine which unauthenticated principals are even allowed to authenticate for each endpoint/action.

Attachments

Activity

People

Assignee:: Till Toenshoff

Reporter:: Adam B

Shepherd:: Adam B

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 09/Jul/15 06:45

Updated:: 29/Apr/19 09:26

Resolved:: 26/Nov/18 12:21