[
https://issues.apache.org/jira/browse/MESOS-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15924752#comment-15924752
]
Yan Xu edited comment on MESOS-7097 at 3/16/17 10:53 PM:
---------------------------------------------------------
https://reviews.apache.org/r/57520/
https://reviews.apache.org/r/57534/
https://reviews.apache.org/r/57535/
https://reviews.apache.org/r/57710
was (Author: xujyan):
https://reviews.apache.org/r/57520/
https://reviews.apache.org/r/57534/
https://reviews.apache.org/r/57535/
Will add documentation changes following these patches above.
> Framework credentials can be used to register as an agent.
> ----------------------------------------------------------
>
> Key: MESOS-7097
> URL: https://issues.apache.org/jira/browse/MESOS-7097
> Project: Mesos
> Issue Type: Bug
> Reporter: Yan Xu
> Assignee: Yan Xu
>
> Mesos uses the same credentials for all default http authenticators and the
> crammd5 authenticator, across clients that include frameworks, agents and
> operators. All authenticated clients are treated the same until the
> authorizer kicks in when handling specific actions.
> There's currently not an ACL that limits who can/cannot register as agents so
> whoever obtains the framework credentials can freely do so. The ability to
> register as agents should be limited to the entities with the agent
> credentials/principles.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
