mirror of
https://github.com/jupyterhub/the-littlest-jupyterhub.git
synced 2025-12-18 21:54:05 +08:00
small updates to the docs
This commit is contained in:
Chris Holdgraf
@@ -24,6 +24,12 @@ example.
|
||||
Configuring the authenticator
|
||||
=============================
|
||||
|
||||
Some authenticators have unique configuration options. This section covers a
|
||||
few common ones.
|
||||
|
||||
LDAPAuthenticator
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
LDAPAuthenticator's `documentation <https://github.com/jupyterhub/ldapauthenticator#required-configuration>`_
|
||||
lists the various configuration options you can set for LDAPAuthenticator. You can set them
|
||||
in TLJH with the following pattern:
|
||||
@@ -36,7 +42,7 @@ When the documentation asks you to set ``LDAPAuthenticator.server_address`` to s
|
||||
value, you can do that with the following command:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
|
||||
sudo -E tljh-config set auth.LDAPAuthenticator.server_address = 'my-ldap-server'
|
||||
|
||||
Most authenticators require you set multiple configuration options before you can
|
||||
@@ -45,7 +51,9 @@ enable them. Read the authenticator's documentation carefully for more informati
|
||||
Enabling the authenticator
|
||||
==========================
|
||||
|
||||
Once you have configured the authenticator as you want, it should be enabled.
|
||||
Once you have configured the authenticator as you want, you should then
|
||||
enable it. We'll use the LDAPAuthenticator as an example, though the process
|
||||
is similar for the other authenticators.
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
@@ -70,4 +78,3 @@ Once enabled, you need to reload JupyterHub for the config to take effect.
|
||||
Try logging in a separate incognito window to check if your configuration works. This
|
||||
lets you preserve your terminal in case there were errors. If there are
|
||||
errors, :ref:`troubleshooting/logs` should help you debug them.
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ information about the security model of The Littlest JupyterHub.
|
||||
System user accounts
|
||||
====================
|
||||
|
||||
Each JupyterHub user gets their own unix user account created when they
|
||||
Each JupyterHub user gets their own Unix user account created when they
|
||||
first start their server. This protects users from each other, gives them a
|
||||
home directory at a well known location, and allows sharing based on file system
|
||||
permissions.
|
||||
@@ -38,8 +38,8 @@ command on the terminal. No password required.
|
||||
|
||||
This is a **lot** of power, and they can do pretty much anything they want to
|
||||
the server - look at other people's work, modify it, break the server in cool &
|
||||
funky ways, etc. This also means if an admin's credentials are compromised (
|
||||
easy to guess password, password re-use, etc) the entire JupyterHub is compromised.
|
||||
funky ways, etc. This also means **if an admin's credentials are compromised (
|
||||
easy to guess password, password re-use, etc) the entire JupyterHub is compromised.**
|
||||
|
||||
Off-boarding users securely
|
||||
===========================
|
||||
@@ -47,7 +47,13 @@ Off-boarding users securely
|
||||
When you delete users from the JupyterHub admin console, their unix user accounts
|
||||
are **not** removed. This means they might continue to have access to the server
|
||||
even after you remove them from JupyterHub. Admins should manually remove the user
|
||||
from the server & archive their home directories as needed. If the user removed
|
||||
from the server & archive their home directories as needed. For example, the
|
||||
following command deletes the user ``yuvi``.
|
||||
|
||||
.. code-block::
|
||||
userdel yuvi
|
||||
|
||||
If the user removed
|
||||
from the server is an admin, extra care must be taken since they could have
|
||||
modified the system earlier to continue giving them access.
|
||||
|
||||
@@ -62,6 +68,5 @@ feature of systemd.
|
||||
HTTPS
|
||||
=====
|
||||
|
||||
The Littlest JupyterHub does not currently support HTTPS. Follow `this issue
|
||||
<https://github.com/jupyterhub/the-littlest-jupyterhub/issues/29>`_ for progress
|
||||
on HTTPS support.
|
||||
Any internet-facing JupyterHub should use HTTPS to secure its traffic. For
|
||||
information on how to use HTTPS with your JupyterHub, see :ref:`_howto/https`.
|
||||
|
||||
@@ -5,7 +5,7 @@ Configuring TLJH with ``tljh-config``
|
||||
=====================================
|
||||
|
||||
``tljh-config`` is the commandline program used to make configuration
|
||||
changes to TLJH.
|
||||
changes to TLJH.
|
||||
|
||||
Running ``tljh-config``
|
||||
======================`
|
||||
@@ -75,7 +75,7 @@ restarted and loaded with the new configuration.
|
||||
Advanced: ``config.yaml``
|
||||
=========================
|
||||
|
||||
``tljh-config`` is a simple program that modifies the contents of the
|
||||
``config.yaml`` file located at ``/opt/tljh/config.yaml``. ``tljh-config``
|
||||
``tljh-config`` is a simple program that modifies the contents of the
|
||||
``config.yaml`` file located at ``/opt/tljh/config.yaml``. ``tljh-config``
|
||||
is the recommended method of editing / viewing configuration since editing
|
||||
YAML by hand in a terminal text editor is a large source of errors.
|
||||
YAML by hand in a terminal text editor is a large source of errors.
|
||||
|
||||
Reference in New Issue
Block a user