diff --git a/docs/source/tutorial/getting-started/authenticators-users-basics.md b/docs/source/tutorial/getting-started/authenticators-users-basics.md index 6cae1425..e6fa3e1f 100644 --- a/docs/source/tutorial/getting-started/authenticators-users-basics.md +++ b/docs/source/tutorial/getting-started/authenticators-users-basics.md @@ -2,9 +2,15 @@ # Authentication and User Basics -The default Authenticator uses [PAM][] (Pluggable Authentication Module) to authenticate system users with -their usernames and passwords. With the default Authenticator, any user -with an account and password on the system will be allowed to login. +The default Authenticator uses [PAM][] (Pluggable Authentication Module) to authenticate users already defined on the system with their usernames and passwords. +With the default Authenticator, +any user with an account and password on the system will be able to login. +But that does not mean they will be **allowed** to access JupyterHub. + +:::{important} +Only _explicitly allowed_ users can login to JupyterHub +(a user who can login but is not allowed will see a permission error after successful login). +::: ## Deciding who is allowed diff --git a/docs/source/tutorial/quickstart.md b/docs/source/tutorial/quickstart.md index cc5d6b05..f8f1ff04 100644 --- a/docs/source/tutorial/quickstart.md +++ b/docs/source/tutorial/quickstart.md @@ -71,6 +71,35 @@ jupyterhub -h configurable-http-proxy -h ``` +## Configuration + +At this point, we could start jupyterhub, but nobody would be able to use it! +Only users who are explicitly **allowed** can use JupyterHub. +To allow users, we need to create a configuration file. +JupyterHub uses a configuration file called `jupyterhub_config.py`, +which is a regular Python script with one function `get_config()` pre-defined, returning the "config object". +Assigning attributes to this object is how we configure JupyterHub. + +At this point, we have two choices: + +1. allow any user who can successfully login with our Authenticator (often a good choice for local machines with PAM) +2. allow one or more users by name. + +We'll start with the first one. +Create the file `jupyerhub_config.py` with the content: + +```python +c = get_config() # noqa +c.Authenticator.allow_all = True +# alternative: c.Authenticator.allowed_users = {"yourusername"} +``` + +This configuration means that anyone who can login with PAM (any existing user on the system) should have access to JupyterHub. + +:::{seealso} +[](authenticators) +::: + ## Start the Hub server To start the Hub server, run the command: