Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-3024

HTTP endpoint authN is enabled merely by specifying --credentials

    XMLWordPrintableJSON

    Details

    • Target Version/s:
    • Sprint:
      Mesosphere Sprint 21, Mesosphere Sprint 22
    • Story Points:
      8

      Description

      If I set `--credentials` on the master, framework and slave authentication are allowed, but not required. On the other hand, http authentication is now required for authenticated endpoints (currently only `/shutdown`). That means that I cannot enable framework or slave authentication without also enabling http endpoint authentication. This is undesirable.

      Framework and slave authentication have separate flags (`--authenticate` and `--authenticate_slaves`) to require authentication for each. It would be great if there was also such a flag for http authentication. Or maybe we get rid of these flags altogether and rely on ACLs to determine which unauthenticated principals are even allowed to authenticate for each endpoint/action.

        Attachments

          Activity

            People

            • Assignee:
              tillt Till Toenshoff
              Reporter:
              adam-mesos Adam B
              Shepherd:
              Adam B
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: