*******************************
Client configuration (AER 2.29)
*******************************

.. raw:: html

    <p>The Anaconda Client gives you the ability to upload packages to your on-site Anaconda repository and provides highly granular access control capabilities.  Here is how to configure your client to use your local repository instead of Anaconda Cloud.</p>
    <div class="section" id="anaconda-client-configuration">
    <h2>Anaconda client configuration<a class="headerlink" href="#anaconda-client-configuration" title="Permalink to this headline">¶</a></h2>
    <p>On each machine that will access your on-site Anaconda repository, run this command as the machine&#8217;s local user:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>anaconda config --set url http://your.server.name:&lt;port&gt;/api
    </pre></div>
    </div>
    <p>Or, to set the default repo system-wide, run this command:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>anaconda config --set url http://your.server.name:&lt;port&gt;/api --site
    </pre></div>
    </div>
    <p>The system-level config file is used only if no user-level config file is present.</p>
    <p>To show the system and user config file locations and configuration settings:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>anaconda config --show
    </pre></div>
    </div>
    </div>
    <div class="section" id="conda-configuration">
    <h2>Conda configuration<a class="headerlink" href="#conda-configuration" title="Permalink to this headline">¶</a></h2>
    <p>With the above anaconda config steps, you can access all packages and channels from the local on-site Anaconda
    repository instead of the public Anaconda.org.</p>
    <p>Users can then add individual accounts to their .condarc file by running the following command:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>conda config --add channels USERNAME
    </pre></div>
    </div>
    <p>If you still wish to access certain channels from the public Anaconda.org:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>conda config --add channels http://conda.anaconda.org/&lt;USERNAME&gt;
    </pre></div>
    </div>
    <div class="section" id="conda-channel-priority">
    <h3>Conda channel priority<a class="headerlink" href="#conda-channel-priority" title="Permalink to this headline">¶</a></h3>
    <p>To set a preferred priority for the channels conda searches when installing packages, edit your ~/.condarc file and change the order. Channels at the top are searched first.</p>
    <p>For example:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>channels:
      - channel
      - https://conda.anaconda.org/t/&lt;token&gt;/&lt;channel2&gt;
      - http://conda.anaconda.org/&lt;channel1&gt;
      - defaults
    </pre></div>
    </div>
    <p>The order of search is now:</p>
    <ol class="arabic simple">
    <li>private onsite Anaconda repository channel</li>
    <li>private Anaconda.org channel2</li>
    <li>public Anaconda.org channel1</li>
    <li>default channel on onsite Anaconda repository</li>
    </ol>
    </div>
    </div>
    <div class="section" id="pip-configuration">
    <h2>pip configuration<a class="headerlink" href="#pip-configuration" title="Permalink to this headline">¶</a></h2>
    <p>To install PyPI packages from your Anaconda repository, add your channel to your ~/.pip/pip.conf configuration file.</p>
    <p>Edit the file and add an extra-index-url entry to the global config section:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>[global]
    extra-index-url = http://your.server.name:&lt;port&gt;/pypi/&lt;username&gt;/simple
    </pre></div>
    </div>
    </div>
    <div class="section" id="kerberos">
    <h2>Kerberos<a class="headerlink" href="#kerberos" title="Permalink to this headline">¶</a></h2>
    <p>If you have enabled Kerberos authentication as described in the <a class="reference internal" href="advanced.html"><em>Advanced Installation Options</em></a>
    installation guide, your browser and anaconda-client should be able to authenticate
    to Anaconda repository using Kerberos.</p>
    <p>On OS X/Unix, configure the file <code class="docutils literal"><span class="pre">/etc/krb5.conf</span></code>:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>[libdefaults]
    default_realm = YOUR.DOMAIN

    [realms]
    YOUR.DOMAIN = {
      kdc = your.kdc.server
    }

    [domain_realm]
    your.anaconda.server = YOUR.DOMAIN
    </pre></div>
    </div>
    <p>If your configuration is correct, you should be able to authenticate using the command-line
    tool <code class="docutils literal"><span class="pre">kinit</span></code>:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>kinit jsmith
    anaconda login
    </pre></div>
    </div>
    <div class="section" id="browser-setup">
    <h3>Browser Setup<a class="headerlink" href="#browser-setup" title="Permalink to this headline">¶</a></h3>
    <p>Many browsers do not present your Kerberos credentials by default, to prevent
    leaking credentials to untrusted parties. In order to use Kerberos authentication,
    you must white-list Anaconda repository as a trusted party to receive credentials.</p>
    <p>You must restart your browser after configuring the whitelist in order for
    changes to be reflected.</p>
    <div class="section" id="safari">
    <h4>Safari<a class="headerlink" href="#safari" title="Permalink to this headline">¶</a></h4>
    <p>Safari requires no configuration - it will automatically present your
    credentials without white-listing.</p>
    </div>
    <div class="section" id="chrome">
    <h4>Chrome<a class="headerlink" href="#chrome" title="Permalink to this headline">¶</a></h4>
    <p>The <code class="docutils literal"><span class="pre">AuthServerWhitelist</span></code> policy must be set to <code class="docutils literal"><span class="pre">your.anaconda.server</span></code> -
    this will allow Chrome to present credentials to Anaconda Repository with
    the hostname <code class="docutils literal"><span class="pre">your.anaconda.server</span></code>.
    Depending on your DNS configuration, <code class="docutils literal"><span class="pre">DisableAuthNegotiateCnameLookup</span></code> may also be required -
    this will prevent Chrome from canonicalizing the hostname before generating a
    service name.</p>
    <p>To configure on OS X:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>defaults write com.google.Chrome AuthServerWhitelist &quot;your.anaconda.server&quot;
    </pre></div>
    </div>
    <p>On Linux:</p>
    <div class="highlight-python"><div class="highlight"><pre><span></span>mkdir -p /etc/opt/chrome/policies/managed
    mkdir -p /etc/opt/chrome/policies/recommended
    chmod -w /etc/opt/chrome/policies/managed
    echo &#39;{&quot;AuthServerWhitelist&quot;: &quot;your.anaconda.server&quot;}&#39; &gt; /etc/opt/chrome/policies/managed/anaconda_repo_policy.json
    </pre></div>
    </div>
    <p>On Windows, use Group Policy objects to set the &#8220;Authentication server
    whitelist&#8221; setting to &#8220;your.anaconda.server&#8221;.</p>
    <p>For more information, see Chrome&#8217;s <a class="reference external" href="http://www.chromium.org/developers/design-documents/http-authentication">SPNEGO authentication</a>
    and <a class="reference external" href="https://www.chromium.org/administrators">administration</a> documentation.</p>
    </div>
    <div class="section" id="firefox">
    <h4>Firefox<a class="headerlink" href="#firefox" title="Permalink to this headline">¶</a></h4>
    <ul class="simple">
    <li>Navigate to the configuration page <code class="docutils literal"><span class="pre">about:config</span></code></li>
    <li>Search for &#8220;negotiate&#8221;</li>
    <li>Set the configuration item <code class="docutils literal"><span class="pre">network.negotiate-auth.trusted-uris</span></code> to <code class="docutils literal"><span class="pre">your.anaconda.server</span></code></li>
    </ul>
    </div>
    <div class="section" id="internet-explorer">
    <h4>Internet Explorer<a class="headerlink" href="#internet-explorer" title="Permalink to this headline">¶</a></h4>
    <ul class="simple">
    <li>Open the menu item <em>Internet Options &gt; Tools &gt; Advanced Tab</em></li>
    <li>In the <em>Security</em> section, select &#8220;Enable Integrated Windows Authentication&#8221;</li>
    </ul>
    </div>
    </div>
    </div>
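
The conda channel list and the pip ``extra-index-url`` entry shown above mix plaintext ``http://`` URLs, a token embedded in a channel URL, and an extra package index, all of which are worth reviewing on client machines. The following audit is an added example, not part of the Anaconda documentation; the function names, finding labels and the sample token, port and user name are assumptions made for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed samples modelled on this page (token, port, user are made up).
SAMPLE_CONDARC = """\
channels:
  - channel
  - https://conda.anaconda.org/t/EXAMPLE-TOKEN/channel2
  - http://conda.anaconda.org/channel1
  - defaults
"""
SAMPLE_PIP_CONF = """\
[global]
extra-index-url = http://your.server.name:8080/pypi/jsmith/simple
"""
TOKEN_RE = re.compile(r"/t/[^/]+/")  # conda token URLs: /t/<token>/<channel>

def condarc_channels(text):
    """Entries of the block-style 'channels:' list, in search order."""
    channels, in_list = [], False
    for line in text.splitlines():
        item = line.strip()
        if not item or item.startswith("#"):
            continue
        if not line[0].isspace() and not item.startswith("-"):
            in_list = item.startswith("channels:")  # a top-level key
        elif in_list and item.startswith("- "):
            channels.append(item[2:].strip().strip("'\""))
    return channels

def audit_url(source, url):
    """Flag plaintext transport and embedded tokens; never echo the token."""
    shown = TOKEN_RE.sub("/t/<redacted>/", url)
    checks = (("plaintext-http", urlsplit(url).scheme == "http"),
              ("embedded-token", shown != url))
    return [(source, shown, label) for label, hit in checks if hit]

def audit(condarc_text, pip_conf_text):
    findings = []
    for channel in condarc_channels(condarc_text):
        findings += audit_url("condarc", channel)
    pip = configparser.ConfigParser(interpolation=None)  # URLs may contain %
    pip.read_string(pip_conf_text)
    for section in pip.sections():
        for url in pip.get(section, "extra-index-url", fallback="").split():
            findings += audit_url("pip.conf", url)
            findings.append(("pip.conf", url, "extra-index"))  # see note
    return findings
```

Pass ``audit()`` the contents of ``~/.condarc`` and ``~/.pip/pip.conf``. The ``extra-index`` finding is informational: pip searches an extra index alongside the default index with no priority between them, so a package name that exists in both can resolve to either.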
