[
https://issues.apache.org/jira/browse/MESOS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15024132#comment-15024132
]
Adam B commented on MESOS-3024:
-------------------------------
Sorry, that was a typo. Should have been "a flag for http authentication".
Fixed now.
As for the code block you quote, that's for the new scheduler HTTP API, which
doesn't yet support authentication (see MESOS-2297), so if the master requires
framework authentication, we disable the scheduler HTTP API.
This ticket is not about the new HTTP API, but rather about the existing
operator endpoints like `/teardown`
> HTTP endpoint authN is enabled merely by specifying --credentials
> -----------------------------------------------------------------
>
> Key: MESOS-3024
> URL: https://issues.apache.org/jira/browse/MESOS-3024
> Project: Mesos
> Issue Type: Bug
> Components: master, security
> Reporter: Adam B
> Assignee: Marco Massenzio
> Labels: authentication, http, mesosphere
>
> If I set `--credentials` on the master, framework and slave authentication
> are allowed, but not required. On the other hand, http authentication is now
> required for authenticated endpoints (currently only `/shutdown`). That means
> that I cannot enable framework or slave authentication without also enabling
> http endpoint authentication. This is undesirable.
> Framework and slave authentication have separate flags (`\--authenticate` and
> `\--authenticate_slaves`) to require authentication for each. It would be
> great if there was also such a flag for http authentication. Or maybe we get
> rid of these flags altogether and rely on ACLs to determine which
> unauthenticated principals are even allowed to authenticate for each
> endpoint/action.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
