Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-7097

Framework credentials can be used to register as an agent.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.3.0
    • None
    • None

    Description

      Mesos uses the same credentials for all default http authenticators and the crammd5 authenticator, across clients that include frameworks, agents and operators. All authenticated clients are treated the same until the authorizer kicks in when handling specific actions.

      There's currently not an ACL that limits who can/cannot register as agents so whoever obtains the framework credentials can freely do so. The ability to register as agents should be limited to the entities with the agent credentials/principles.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-8987 Master asks agent to shutdown upon auth errors.

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Activity

            People

              xujyan Yan Xu
              xujyan Yan Xu
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: