Yan Xu created MESOS-7097: ----------------------------- Summary: Framework credentials can be used to register as an agent. Key: MESOS-7097 URL: https://issues.apache.org/jira/browse/MESOS-7097 Project: Mesos Issue Type: Bug Reporter: Yan Xu
Mesos uses the same credentials for all default http authenticators and the crammd5 authenticator, across clients that include frameworks, agents and operators. All authenticated clients are treated the same until the authorizer kicks in when handling specific actions. There's currently not an ACL that limits who can/cannot register as agents so whoever obtains the framework credentials can freely do so. The ability to register as agents should be limited to the entities with the agent credentials/principles. -- This message was sent by Atlassian JIRA (v6.3.15#6346)