[ https://issues.apache.org/jira/browse/MESOS-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15860647#comment-15860647 ]
Adam B commented on MESOS-7097: ------------------------------- Sounds great! Maybe we can finally get rid of the master's whitelist flag (which controls offers but not registration). > Framework credentials can be used to register as an agent. > ---------------------------------------------------------- > > Key: MESOS-7097 > URL: https://issues.apache.org/jira/browse/MESOS-7097 > Project: Mesos > Issue Type: Bug > Reporter: Yan Xu > > Mesos uses the same credentials for all default http authenticators and the > crammd5 authenticator, across clients that include frameworks, agents and > operators. All authenticated clients are treated the same until the > authorizer kicks in when handling specific actions. > There's currently not an ACL that limits who can/cannot register as agents so > whoever obtains the framework credentials can freely do so. The ability to > register as agents should be limited to the entities with the agent > credentials/principles. -- This message was sent by Atlassian JIRA (v6.3.15#6346)