[
https://issues.apache.org/jira/browse/MESOS-1939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14494872#comment-14494872
]
Adam B commented on MESOS-1939:
-------------------------------
Note that the Authorizer and Authenticator/Authenticatee are two different
(sets of) interfaces. We have already turned the Authentication interfaces into
Mesos Modules, but have yet to do the same for the Authorizer interface.
This JIRA is specifically for Authentication (not Authorization), for example
the slaves could use the default CRAMMD5Authenticatee
(src/authentication/cram_md5/authenticatee.hpp) while frameworks could
authenticate via a custom authentication module (e.g. Kerberos, PKI, etc.). In
the master, you would specify multiple authenticator modules, and the master
could have a collection (list, set) of them. On the authenticatee side, the
framework/slave would (phase 1) be started with a single authenticatee type, or
(phase 2) a list of authentication mechanisms, in some order of preference. The
authenticatee would have to pass the authentication mechanism to the master
(perhaps via the AuthenticateMessage) so that the master can know which
Authenticator to use to authenticate the authenticatee.
> Enable multiple authentication methods in parallel
> --------------------------------------------------
>
> Key: MESOS-1939
> URL: https://issues.apache.org/jira/browse/MESOS-1939
> Project: Mesos
> Issue Type: Improvement
> Components: master
> Reporter: Till Toenshoff
> Priority: Minor
> Labels: authentication
>
> The master (authenticator) should allow for multiple authentication
> mechanisms to be used at the same time. That way, a slave could be
> authenticated by mechanism FOO while the frameworks are authenticated by BAR.
> The authenticatee should be allowed to select the desired mechanism (module).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
