[
https://issues.apache.org/jira/browse/MESOS-5851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15381780#comment-15381780
]
Adam B commented on MESOS-5851:
-------------------------------
Well, it's arguable whether it's more maintainable to specify a list of
endpoints TO authenticate, or a list of endpoints NOT TO authenticate. And as
we add more authenticated endpoints in the future, is it better for them to be
automatically whitelisted or automatically blacklisted? If you have a partial
authentication mode and newly authenticatable endpoints are authenticated by
default (unless explicitly added to the exclusion list), then you run the risk
of breaking existing users' behavior. If you don't authenticate new endpoints
by default, then you run the risk of introducing an unexpected new security
hole in a user's cluster.
> Create mechanism to control authentication between different HTTP endpoints
> ---------------------------------------------------------------------------
>
> Key: MESOS-5851
> URL: https://issues.apache.org/jira/browse/MESOS-5851
> Project: Mesos
> Issue Type: Bug
> Components: libprocess
> Affects Versions: 1.0.0
> Reporter: Zhitao Li
> Labels: mesosphere, security
>
> All endpoints authentication is controlled by one single flag. We need this
> flag to be on so that `/reserve` `/unreserve` can get a principal.
> However, after 1.0, we cannot access important readonly endpoints
> `/master/state/` and `/metric/snapshot/` anymore w/o a password. The latter
> is detrimental on usability because many users don't have the supporting
> infra to distribute such metrics into every metrics collecting process yet.
> I'm looking towards a mechanism to at least allow unauthenticated access to
> selective whitelisted endpoints while keep endpoints requiring AuthN/AuthZ
> still protected.
> quoting Joseph Wu, "we want a `--authenticate_http=true, but don't check`
> option"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
