Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Mesos uses the same credentials for all default http authenticators and the crammd5 authenticator, across clients that include frameworks, agents and operators. All authenticated clients are treated the same until the authorizer kicks in when handling specific actions.
There's currently not an ACL that limits who can/cannot register as agents so whoever obtains the framework credentials can freely do so. The ability to register as agents should be limited to the entities with the agent credentials/principles.
Attachments
Issue Links
- relates to
-
MESOS-8987 Master asks agent to shutdown upon auth errors.
- Resolved