[
https://issues.apache.org/jira/browse/MESOS-5343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366054#comment-15366054
]
Benjamin Bannier commented on MESOS-5343:
-----------------------------------------
Had a brief stab at this. Aligning the master with the agent behavior does
require at least two changes:
1) just copying the agent authn flag validation code to the master, and
2) fix all tests setting these master flags inconsistently.
1) is trivial, while 2) might require either adjusting default flags used in
fixtures, or making tests authn-aware, all on a case-by-case basis. I updated
this ticket with a (rather ambitious) estimate reflecting that complexity.
> Behavior of custom HTTP authenticators with disabled HTTP authentication is
> inconsistent between master and agent
> -----------------------------------------------------------------------------------------------------------------
>
> Key: MESOS-5343
> URL: https://issues.apache.org/jira/browse/MESOS-5343
> Project: Mesos
> Issue Type: Bug
> Affects Versions: 1.0.0
> Reporter: Benjamin Bannier
> Assignee: Benjamin Bannier
> Priority: Minor
> Labels: mesosphere, security
>
> When setting a custom authenticator with {{http_authenticators}} and also
> specifying {{authenticate_http=false}} currently agents refuse to start with
> {code}
> A custom HTTP authenticator was specified with the '--http_authenticators'
> flag, but HTTP authentication was not enabled via '--authenticate_http'
> {code}
> Masters on the other hand accept this setting.
> Having differing behavior between master and agents is confusing, and we
> should decide on whether we want to accept these settings or not, and make
> the implementations consistent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
