firstuseauthenticator/README.md

# JupyterHub First Use Authenticator #

A [JupyterHub](https://jupyterhub.readthedocs.io) authenticator that helps new users set their password on their first login to JupyterHub.

**Are you running a workshop from a single physical location, such as a university seminar or a user group?**

JupyterHub First Use Authenticator can simplify the user set up for you. It's very useful when using transient
JupyterHub instances in a single physical location. It allows multiple users to log in, but you do not have install a pre-existing authentication setup. With this authenticator, users can just pick a username and password and get to work!

## Installation ##

You can install this authenticator with:

```bash
pip install jupyterhub-firstuseauthenticator
```

Once installed, configure JupyterHub to use it by adding the following to your `jupyterhub_config.py` file:

```python
c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator'
```

## Configuration ##

### FirstUseAuthenticator.dbm_path ###

Path to the [dbm](https://docs.python.org/3.5/library/dbm.html) file, or a UNIX database file such as `passwords.dbm`, used to store usernames and passwords. The dbm file should be put where regular users do not have read/write access to it.

This authenticator's default setting for the path to the `passwords.dbm` is the current directory from which JupyterHub is spawned.

### FirstUseAuthenticator.create_users ###

Create users if they do not exist already.

When set to False, users would have to be explicitly created before
they can log in. Users can be created via the admin panel or by setting
whitelist / admin list.

Defaults to True.

## FAQ ##

#### Why have a password DB and not use PAM ?

For security Reasons. Users are likely to set an, insecure password at
login time, and you do not want a brute-force/dictionary attack to manage to
login by attacking via ssh or another mean.

## Security

When using `FirstUseAuthenticator` it is advised to automatically prepend the
name of the user with a known-prefix (for example `jupyter`). This would prevent
for example, someone to log-in as `root`, as the created user would be
`jupyter-root`.
Initial commit Pretty much all the things work 2016-10-24 20:31:45 -07:00			`# JupyterHub First Use Authenticator #`

Allow disabling user creation on login This forces admins to create users manually - via config or the admin panel, before they can log in. 2018-07-03 16:07:42 -07:00			`A [JupyterHub](https://jupyterhub.readthedocs.io) authenticator that helps new users set their password on their first login to JupyterHub.`
Initial commit Pretty much all the things work 2016-10-24 20:31:45 -07:00
Polish the README 2016-10-25 08:22:24 -07:00			`Are you running a workshop from a single physical location, such as a university seminar or a user group?`

Allow disabling user creation on login This forces admins to create users manually - via config or the admin panel, before they can log in. 2018-07-03 16:07:42 -07:00			`JupyterHub First Use Authenticator can simplify the user set up for you. It's very useful when using transient`
Polish the README 2016-10-25 08:22:24 -07:00			`JupyterHub instances in a single physical location. It allows multiple users to log in, but you do not have install a pre-existing authentication setup. With this authenticator, users can just pick a username and password and get to work!`
Initial commit Pretty much all the things work 2016-10-24 20:31:45 -07:00
			`## Installation ##`

			`You can install this authenticator with:`

			```bash
			`pip install jupyterhub-firstuseauthenticator`
			```

Polish the README 2016-10-25 08:22:24 -07:00			Once installed, configure JupyterHub to use it by adding the following to your `jupyterhub_config.py` file:
Initial commit Pretty much all the things work 2016-10-24 20:31:45 -07:00
			```python
			`c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator'`
			```

			`## Configuration ##`

			`### FirstUseAuthenticator.dbm_path ###`

Polish the README 2016-10-25 08:22:24 -07:00			Path to the [dbm](https://docs.python.org/3.5/library/dbm.html) file, or a UNIX database file such as `passwords.dbm`, used to store usernames and passwords. The dbm file should be put where regular users do not have read/write access to it.
Initial commit Pretty much all the things work 2016-10-24 20:31:45 -07:00
Polish the README 2016-10-25 08:22:24 -07:00			This authenticator's default setting for the path to the `passwords.dbm` is the current directory from which JupyterHub is spawned.
Allow disabling user creation on login This forces admins to create users manually - via config or the admin panel, before they can log in. 2018-07-03 16:07:42 -07:00
			`### FirstUseAuthenticator.create_users ###`

			`Create users if they do not exist already.`

			`When set to False, users would have to be explicitly created before`
			`they can log in. Users can be created via the admin panel or by setting`
			`whitelist / admin list.`

			`Defaults to True.`
FAQ+Security advice 2018-08-27 18:37:20 -07:00
			`## FAQ ##`

			`#### Why have a password DB and not use PAM ?`

			`For security Reasons. Users are likely to set an, insecure password at`
			`login time, and you do not want a brute-force/dictionary attack to manage to`
			`login by attacking via ssh or another mean.`

			`## Security`

			When using `FirstUseAuthenticator` it is advised to automatically prepend the
			name of the user with a known-prefix (for example `jupyter`). This would prevent
			for example, someone to log-in as `root`, as the created user would be
			`jupyter-root`.