[
https://issues.apache.org/jira/browse/MESOS-2482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Till Toenshoff updated MESOS-2482:
----------------------------------
Description:
The current state of the authentication implementation will retry
authentication once an error was received without even validating the
underlying failure - possibly causing pointless, infinite retry loops.
Authentication may fail due to multiple reasons, among them are things like
"authentication refused" (e.g. user/password mismatch), "authentication error"
(e.g. packet loss), etc ...
We need to make sure the authenticatee (or its host; slave / framework) is
properly informed about such errors and may then act accordingly with retries
or failures.
Retries should e.g. not get triggered by authentication refusal. Retries should
also possibly get limited in count and / or by throttling / delays.
Additionally, given that we do allow authentication on an optional level
("--authenticate_slaves", "--authenticate" both disabled), a valid fallback on
a failed authentication may actually be a registration without authentication.
was:
The current state of the authentication implementation will retry
authentication once an error was received without even validating the
underlying failure - possibly causing pointless, infinite retry loops.
Authentication may fail due to multiple reasons, among them are things like
"authentication refused" (e.g. user/password mismatch), "authentication error"
(e.g. packet loss), etc ...
We need to make sure the authenticatee (or its host; slave / framework) is
properly informed about such errors and may then act accordingly with retries
or failures.
Retries should e.g. not get triggered by authentication refusal. Retries should
also possibly get limited in count and / or by throttling / delays.
Additionally, given that we do allow authentication on an optional level
("--authenticate_slaves", "--authenticate" both disabled). Once authentication
is optional, a valid fallback on a failed authentication may actually be a
registration without authentication.
> Authentication failure / refusal needs to properly be acted upon.
> -----------------------------------------------------------------
>
> Key: MESOS-2482
> URL: https://issues.apache.org/jira/browse/MESOS-2482
> Project: Mesos
> Issue Type: Improvement
> Reporter: Till Toenshoff
>
> The current state of the authentication implementation will retry
> authentication once an error was received without even validating the
> underlying failure - possibly causing pointless, infinite retry loops.
> Authentication may fail due to multiple reasons, among them are things like
> "authentication refused" (e.g. user/password mismatch), "authentication
> error" (e.g. packet loss), etc ...
> We need to make sure the authenticatee (or its host; slave / framework) is
> properly informed about such errors and may then act accordingly with retries
> or failures.
> Retries should e.g. not get triggered by authentication refusal. Retries
> should also possibly get limited in count and / or by throttling / delays.
> Additionally, given that we do allow authentication on an optional level
> ("--authenticate_slaves", "--authenticate" both disabled), a valid fallback
> on a failed authentication may actually be a registration without
> authentication.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
