Http Basic Authentication in Hue

[Vinay Mundada]

Is the Basic Http authentication (the one where the browser asks for a authentication pop-up) enabled somewhere in the Hue code base (say in cherryPy server settings or somewhere) ? I want to disable that auth. How can I do it?

[Vinay Mundada]

To be specific, just like how we have <auth-constraint> BASIC/DIGEST </auth-constraint> in the web.xml file for apache tomcat deployments.

[Jordan Moore]

Vinay, 

If I understood correctly, you want to disable auth and allow everyone. 

Then you can use 

[[auth]]
  backend=desktop.auth.backend.AllowAllBackend

If you want to see the other auth methods, refer: <https://www.cloudera.com/documentation/enterprise/latest/topics/cdh_ig_hue_config.html#topic_15_6_8>

And they are managed by Django, not CherryPy

Feel free to install Apache HTTPD or Nginx and setup a reverse proxy to Hue if you are more comfortable configuring those, but it seems unnecessary. 

[Ivan Dzikovsky]

It seems that you have configured Basic Http authentication backend. Something like following in hue.ini:

[desktop]
  [[auth]]
    backend=desktop.auth.backend.RemoteUserDjangoBackend

To change this behavior, you need to specify other authentication backend.
You may set something like desktop.auth.backend.PamBackend to authenticate users by PAM modules, or desktop.auth.backend.AllowAllBackend to disable authentication at all.

Or just fall back to default configuration desktop.auth.backend.AllowFirstUserDjangoBackend (first logged in user is the admin, and it have access to create accounts for other users in Hue internal database).