[
https://issues.apache.org/jira/browse/MESOS-2001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Till Toenshoff updated MESOS-2001:
----------------------------------
Description:
For covering a complete modules based authentication, we will need to allow for
authenticatee modules just like we are with authenticator modules.
h4.Motivation
Allow for third parties to quickly develop and plug-in new authentication
methods. The modularized Authenticatee API will lower the barrier for the
community to provide new methods to Mesos. An example for such additional, next
step module could be PAM (LDAP, MySQL, NIS, UNIX) backed authentication.
cyrus-sasl2 itself already offers more than a half a dozen mechanisms via its
standard plugins and these could be triggered by additional Authenticator /
Authenticatee modules. cyrus-sasl2 does support even more mechanisms when being
custom built (about a full dozen) but we do not want to bundle cyrus-sasl2 to
enforce custom builds. Alternative authentication (especially non-SASL based)
methods may bring in new dependencies that we don't want to enforce on all of
our users. Mesos users may be required to use custom authentication techniques
due to strict security policies.
was:For covering a complete modules based authentication, we will need to
allow for authenticatee modules just like we are with authenticator modules.
> Authenticatee modules similar to Authenticator modules
> ------------------------------------------------------
>
> Key: MESOS-2001
> URL: https://issues.apache.org/jira/browse/MESOS-2001
> Project: Mesos
> Issue Type: Epic
> Components: modules
> Reporter: Till Toenshoff
>
> For covering a complete modules based authentication, we will need to allow
> for authenticatee modules just like we are with authenticator modules.
> h4.Motivation
> Allow for third parties to quickly develop and plug-in new authentication
> methods. The modularized Authenticatee API will lower the barrier for the
> community to provide new methods to Mesos. An example for such additional,
> next step module could be PAM (LDAP, MySQL, NIS, UNIX) backed authentication.
> cyrus-sasl2 itself already offers more than a half a dozen mechanisms via its
> standard plugins and these could be triggered by additional Authenticator /
> Authenticatee modules. cyrus-sasl2 does support even more mechanisms when
> being custom built (about a full dozen) but we do not want to bundle
> cyrus-sasl2 to enforce custom builds. Alternative authentication (especially
> non-SASL based) methods may bring in new dependencies that we don't want to
> enforce on all of our users. Mesos users may be required to use custom
> authentication techniques due to strict security policies.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
