Hello,

We use the auth/authz implementation for frameworks and slaves. They are neat! This thread is about auth for the web UI, between master and user.

We are implementing authentication for the master web UI (port: 5050). The master seems to serve both user requests and protobuf messages from slaves & frameworks on the same port. Right? We want to authenticate user requests only. Is there a way to differentiate these messages?

Based on how these messages can be differentiated, we are thinking of running the Mesos master behind a proxy, Apache or Apache Traffic Server, primarily for 2 reasons:

1. Authentication. The auth could be implemented through an Apache module or ATS plugin.
2. Security. Serve user requests through HTTPS.

If we use ATS, it may also solve the caching problem; but we aren't solving this problem right now.

Making changes to Mesos to address these concerns doesn't look neat. Mesos seems to return a complete JSON blob and all the magic is done at the client side, in AngularJS. The Mesos master isn't a full-fledged HTTP server. It's not meant to keep track of user sessions; dealing with HTTP cookies/headers/redirection is non-trivial.

Anyone running the Mesos master behind a proxy, or solved the same problem differently?

--
Regards,
Bhuvan Arumugam
www.livecipher.com