How Do You Disable Authentication
5,204 views
Skip to first unread message
Rasso Necromuralist
Dec 10, 2016, 7:26:48 PM12/10/16
to Project Jupyter
Hello,
My main way to use Jupyter notebooks is to spin up a local server and use emacs-ipython-notebook (ein), but Jupyter 4.2.1 has the default set to require passing in the token, which breaks ein. I filed a bug with the ein developer, and in the mean-time I copied an older version of Jupyter over to my virtualenv, so I'm not blocked, but I couldn't find an obvious way to disable the authentication in the documentation and was wondering how I could do it if I wanted to.
Best Regards,
Rasso
Damián Avila
Dec 12, 2016, 8:12:20 AM12/12/16
to jup...@googlegroups.com
Are you sure you are in notebook 4.2.1? Because token auth was introduced in 4.3 (IIRC) or maybe I misinterpreted you...
Cheers.
--
You received this message because you are subscribed to the Google Groups "Project Jupyter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jupyter+unsubscribe@googlegroups.com.
To post to this group, send email to jup...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/2a7f5c7d-c556-43c7-a541-b957b0ed4649%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Damián Avila
Thomas Kluyver
Dec 12, 2016, 8:52:03 AM12/12/16
to Project Jupyter
Just to emphasise: we added the token authentication mechanism in 4.3 for security reasons, and if you disable it, you reopen the hole it closes. I have written a more detailed description here:
https://github.com/jupyter/notebook/issues/1944#issuecomment-266434362
https://github.com/jupyter/notebook/issues/1944#issuecomment-266434362
To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/CAH%2BmRR0uB1EwrpXyLVv-XsK2-Etb62CaByV5ypA8jdY6yV_U_g%40mail.gmail.com.
Rasso Necromuralist
Dec 14, 2016, 1:48:51 AM12/14/16
to Project Jupyter
Thanks for the replies. Perhaps my misunderstanding is related to how the versioning notation works or my interpretation of the output.
When I type `jupyter --version` I get back `4.2.1`, which is the version that I reported. When I started the notebook with `jupyter notebook --no-browser` the server output showed (with the token changing each time) :
`The Jupyter Notebook is running at: http://localhost:8888/?token=3ca89c7367e195991aaa103b444c12fb7e42b46e843c74cb`
which created a re-direct (302) to a login page when I tried to open the page in emacs or in the browser (using only http://localhost:8888).
The emacs notebook developer responded with a workaround so I will try this, and if it doesn't work then I will try the (possibly flawed) solution. Thank you for both the pointer to the documentation, which I think I read but somehow did not understand, as well as the reasoning for the authentication. In my case I primarily use the notebooks as quick sketchbooks where I run the server on the same computer where the client is (and I have the only user account) so hopefully I won't have the security problems mentioned.
In any case, thank you very much for your response.
Best Regards,
Rasso
Thomas Kluyver
Dec 14, 2016, 6:43:20 AM12/14/16
to Project Jupyter
Hi Rasso,
On 14 December 2016 at 06:48, Rasso Necromuralist <necrom...@gmail.com> wrote:
When I type `jupyter --version` I get back `4.2.1`, which is the version that I reported. When I started the notebook with `jupyter notebook --no-browser` the server output showed (with the token changing each time) :
Since 4.0, there are a number of different pieces with their own version numbers (which is confusing, we know). The relevant one here is the notebook package, which you can get the version for by running:
jupyter notebook --version
`The Jupyter Notebook is running at: http://localhost:8888/?token=3ca89c7367e195991aaa103b444c12fb7e42b46e843c74cbwhich created a re-direct (302) to a login page when I tried to open the page in emacs or in the browser (using only http://localhost:8888).
If you open the URL including that token= piece, it should log you in directly. Or you can copy the token value into the login page. We've now added a page to the docs detailing why we did this:
http://jupyter-notebook.readthedocs.io/en/latest/security.html
http://jupyter-notebook.readthedocs.io/en/latest/security.html
Thomas
Rasso Necromuralist
Dec 15, 2016, 1:10:03 AM12/15/16
to Project Jupyter
takowl,
Thank you for the clarification - I think I was adding confusion to the emacs-notebook project as well by referencing the wrong version there too. Everything worked as you said (in the browser) and the parts that don't work in the emacs notebook are apparently known to the developer and fixes are under way.
Thank you for the clarification - I think I was adding confusion to the emacs-notebook project as well by referencing the wrong version there too. Everything worked as you said (in the browser) and the parts that don't work in the emacs notebook are apparently known to the developer and fixes are under way.
Thanks to both of you for the information, I think I have learned enough to get what I'm doing working.
Best Regards,
Rasso
On Saturday, December 10, 2016 at 4:26:48 PM UTC-8, Rasso Necromuralist wrote:
On Saturday, December 10, 2016 at 4:26:48 PM UTC-8, Rasso Necromuralist wrote:
Reply all
Reply to author
Forward
0 new messages