[
https://issues.apache.org/jira/browse/MESOS-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15860647#comment-15860647
]
Adam B commented on MESOS-7097:
-------------------------------
Sounds great! Maybe we can finally get rid of the master's whitelist flag
(which controls offers but not registration).
> Framework credentials can be used to register as an agent.
> ----------------------------------------------------------
>
> Key: MESOS-7097
> URL: https://issues.apache.org/jira/browse/MESOS-7097
> Project: Mesos
> Issue Type: Bug
> Reporter: Yan Xu
>
> Mesos uses the same credentials for all default http authenticators and the
> crammd5 authenticator, across clients that include frameworks, agents and
> operators. All authenticated clients are treated the same until the
> authorizer kicks in when handling specific actions.
> There's currently not an ACL that limits who can/cannot register as agents so
> whoever obtains the framework credentials can freely do so. The ability to
> register as agents should be limited to the entities with the agent
> credentials/principles.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
