Mesos / MESOS-9638

Mesos masters do not authenticate with agents.

      Description

      Currently Mesos agents do not verify that the messages they receive are coming from the leading master and haven't been tampered with. In untrusted environments this can be a source of security issues.

      There are a couple of ways to fix this:
      1) implement Master authentication on the transport or application level for each agent<->master connection (this might not be sufficient to distinguish a master from the leading master)
      2) implement Master authentication on the transport level (for the connection to be encrypted) upon agent registration and pass a secret to the master for all subsequent, possibly separate and unencrypted, connections (the secret can be leaked on an unencrypted connection).

              • Assignee: Unassigned
              • Reporter: Alex R (alexr)