hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 07:23:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Stop opening PAM sessions by default

Browse Source 
We don't do it correctly, so don't try by default

It does work _sometimes_, but most of the time it does work, it's because it's a no-op.
Turning it off by default makes it more likely folks will see the caveat that it may not work.
This commit is contained in:
Min RK
2022-02-07 15:45:38 +01:00
parent 3ed345f496
commit b84dd5d735
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
jupyterhub/auth.py
View File

@@ -975,16 +975,24 @@ class PAMAuthenticator(LocalAuthenticator):
).tag(config=True) ).tag(config=True)
open_sessions = Bool( open_sessions = Bool(
True, False,
help=""" help="""
Whether to open a new PAM session when spawners are started. Whether to open a new PAM session when spawners are started.
This may trigger things like mounting shared filsystems, This may trigger things like mounting shared filesystems,
loading credentials, etc. depending on system configuration, loading credentials, etc. depending on system configuration.
but it does not always work.
The lifecycle of PAM sessions is not correct,
so many PAM session configurations will not work.
If any errors are encountered when opening/closing PAM sessions, If any errors are encountered when opening/closing PAM sessions,
this is automatically set to False. this is automatically set to False.
.. versionchanged:: 2.2
Due to longstanding problems in the session lifecycle,
this is now disabled by default.
You may opt-in to opening sessions by setting this to True.
""", """,
).tag(config=True) ).tag(config=True)