Yan Xu created MESOS-7097:
-----------------------------
Summary: Framework credentials can be used to register as an agent.
Key: MESOS-7097
URL: https://issues.apache.org/jira/browse/MESOS-7097
Project: Mesos
Issue Type: Bug
Reporter: Yan Xu
Mesos uses the same credentials for all default http authenticators and the
crammd5 authenticator, across clients that include frameworks, agents and
operators. All authenticated clients are treated the same until the authorizer
kicks in when handling specific actions.
There's currently not an ACL that limits who can/cannot register as agents so
whoever obtains the framework credentials can freely do so. The ability to
register as agents should be limited to the entities with the agent
credentials/principles.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
