Alexander Rukletsov created MESOS-9638:
------------------------------------------

             Summary: Mesos masters do not authenticate with agents.
                 Key: MESOS-9638
                 URL: https://issues.apache.org/jira/browse/MESOS-9638
             Project: Mesos
          Issue Type: Improvement
          Components: agent, master
            Reporter: Alexander Rukletsov


Currently Mesos agents do not verify that the messages they receive are coming 
from the leading master and haven't been tampered with. In untrusted 
environments this can be a source of security issues.

There are a couple of ways to fix this:
1) implement Master authentication on the transport or application level for 
each {{agent}}<->{{master}} connection (this might not be sufficient to 
distinguish a master from the leading master)
2) implement Master authentication on the transport level (for the connection 
to be encrypted) upon agent registration and pass a secret to the master for 
all subsequent, possibly separate and unencrypted, connections (the secret can 
be leaked on an unencrypted connection).
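
A sketch of agent-side message verification in the spirit of option 2, added here as an illustration and not taken from the issue or from Mesos code. It assumes the secret agreed during the authenticated registration is used as an HMAC key and is never sent again, so it cannot leak on the later unencrypted connections; the `Agent` class, `mac` helper, sequence counter and message bodies are all hypothetical.

```python
import hashlib
import hmac
import os
import struct


def mac(secret: bytes, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over a fixed-width sequence number plus the payload."""
    return hmac.new(secret, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


class Agent:
    """Hypothetical agent side: holds the secret agreed at registration."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, seq: int, payload: bytes, tag: bytes) -> bool:
        # Constant-time comparison; a modified payload or seq changes the tag.
        if not hmac.compare_digest(mac(self.secret, seq, payload), tag):
            return False
        # A correctly tagged but old message is a replay of captured traffic.
        if seq <= self.last_seq:
            return False
        self.last_seq = seq
        return True


def demo() -> dict:
    secret = os.urandom(32)  # constructed; stands in for the registration secret
    agent = Agent(secret)
    msg = b"launch task-1"   # constructed message body
    tag = mac(secret, 1, msg)
    follow_up = b"kill task-1"
    return {
        "genuine": agent.accept(1, msg, tag),
        "tampered": agent.accept(2, b"launch task-2", tag),
        "replayed": agent.accept(1, msg, tag),
        "wrong_key": agent.accept(3, msg, mac(os.urandom(32), 3, msg)),
        "next": agent.accept(2, follow_up, mac(secret, 2, follow_up)),
    }


if __name__ == "__main__":
    print(demo())
```

The check only proves the sender holds the registration secret; binding it to the current leading master would need a fresh secret per leader election, which this sketch does not model.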


