Authenticating with PAM
To configure AEN to authenticate with PAM, you need to have LDAP in place and pre-populated with your users. With LDAP, PAM does not need to read /etc/shadow, so it can authenticate successfully without root privileges.
NOTE: PAM on the Linux machine needs to be tied to LDAP (pam_ldap). You cannot use PAM with local Unix accounts because /etc/shadow is only readable by the root user, but pam_ldap can authenticate against LDAP as a non-root user.
- Stop the wakari server:
sudo service wakari-server stop
- Update the configuration file /opt/wakari/wakari-server/etc/wakari/wk-server-config.json with the PAM authentication method. Change the entry for the line
- Restart the wakari server:
sudo service wakari-server start
- In your browser, navigate to Anaconda Enterprise Notebooks and attempt to log in as a PAM-based user: create and start a project, then open a Jupyter Notebook.
- Log out, then log in as an administrator and go to the Admin view. Attempt to list users.
You can test PAM directly from the Python CLI:
su - $AEN_USER
/opt/wakari/wakari-server/bin/python
>>> import pam
>>> p = pam.pam()
>>> p.authenticate("<username>", "<password>")
True
If the server throws an import error for the pam module, make sure that the python-pam==1.8.2 module is installed. If the .condarc file includes the wakari channel, then python-pam==1.8.2 will be installed automatically.
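A pre-flight check for the requirement in the NOTE above, as an added example that is not part of the original documentation or AEN's own code: it parses a PAM service file and reports whether pam_ldap is in the auth stack. The function names, verdict strings and sample files are constructed for illustration; this page does not say which service file applies, so pass the one used on your host.

```python
import re
import sys

# Constructed sample PAM service files (not copied from a real host).
SAMPLE_LDAP = """\
# constructed example
auth    required                    pam_env.so
auth    [success=2 default=ignore]  pam_unix.so nullok try_first_pass
auth    [success=1 default=ignore]  /lib/security/pam_ldap.so use_first_pass
auth    requisite                   pam_deny.so
account required                    pam_unix.so
"""
SAMPLE_LOCAL_ONLY = "auth required pam_unix.so nullok\naccount required pam_unix.so\n"
SAMPLE_INCLUDE = "@include common-auth\nauth substack system-auth\n"

# <type> <control> <module>; control is one word or a [bracketed list],
# and the type may carry a leading '-'.
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_auth(text):
    """Return (modules, includes) for the auth stack of one service file."""
    modules, includes = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line.startswith("@include"):
            includes.extend(line.split()[1:2])
            continue
        m = RULE.match(line)
        if not m or m.group(1) != "auth":
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            includes.append(target)            # rules live in another file
        else:
            modules.append(target.rsplit("/", 1)[-1])
    return modules, includes

def verdict(text):
    """'ldap' if pam_ldap is in the auth stack, else what to look at next."""
    modules, includes = parse_auth(text)
    if "pam_ldap.so" in modules:
        return "ldap"
    return "check-includes" if includes else "local-only"

if __name__ == "__main__":
    # Assumed usage: python check_pam.py /etc/pam.d/<service>
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDAP
    print(parse_auth(text), verdict(text))
```

A "local-only" verdict means the stack would fall back to /etc/shadow, which the non-root AEN user cannot read; "check-includes" means the auth rules live in the listed files and those need the same check.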