Merge pull request #5140 from minrk/quickstart-allow

update quickstart, authenticator doc with 5.0 allow changes
2025-10-07 01:54:09 +00:00 · 2025-09-13 13:46:56 +01:00 · 2025-09-12 08:57:14 -07:00
2 changed files with 38 additions and 3 deletions
--- a/docs/source/tutorial/getting-started/authenticators-users-basics.md
+++ b/docs/source/tutorial/getting-started/authenticators-users-basics.md
@@ -2,9 +2,15 @@

 # Authentication and User Basics

-The default Authenticator uses [PAM][] (Pluggable Authentication Module) to authenticate system users with
-their usernames and passwords. With the default Authenticator, any user
-with an account and password on the system will be allowed to login.
+The default Authenticator uses [PAM][] (Pluggable Authentication Module) to authenticate users already defined on the system with their usernames and passwords.
+With the default Authenticator,
+any user with an account and password on the system will be able to login.
+But that does not mean they will be **allowed** to access JupyterHub.
+
+:::{important}
+Only _explicitly allowed_ users can login to JupyterHub
+(a user who can login but is not allowed will see a permission error after successful login).
+:::

 ## Deciding who is allowed

--- a/docs/source/tutorial/quickstart.md
+++ b/docs/source/tutorial/quickstart.md
@@ -71,6 +71,35 @@ jupyterhub -h
 configurable-http-proxy -h
 ```

+## Configuration
+
+At this point, we could start jupyterhub, but nobody would be able to use it!
+Only users who are explicitly **allowed** can use JupyterHub.
+To allow users, we need to create a configuration file.
+JupyterHub uses a configuration file called `jupyterhub_config.py`,
+which is a regular Python script with one function `get_config()` pre-defined, returning the "config object".
+Assigning attributes to this object is how we configure JupyterHub.
+
+At this point, we have two choices:
+
+1. allow any user who can successfully login with our Authenticator (often a good choice for local machines with PAM)
+2. allow one or more users by name.
+
+We'll start with the first one.
+Create the file `jupyerhub_config.py` with the content:
+
+```python
+c = get_config()  # noqa
+c.Authenticator.allow_all = True
+# alternative: c.Authenticator.allowed_users = {"yourusername"}
+```
+
+This configuration means that anyone who can login with PAM (any existing user on the system) should have access to JupyterHub.
+
+:::{seealso}
+[](authenticators)
+:::
+
 ## Start the Hub server

 To start the Hub server, run the command:
Author	SHA1	Message	Date
Simon Li	6f776053e8	Merge pull request #5140 from minrk/quickstart-allow update quickstart, authenticator doc with 5.0 allow changes	2025-09-13 13:46:56 +01:00
Min RK	42ee0f9797	update quickstart, authenticator doc with 5.0 allow changes	2025-09-12 08:57:14 -07:00