Files
2026-07-13 13:22:34 +08:00

30 lines
1.6 KiB
INI

[mlflow]
default_permission = READ
database_uri = sqlite:///basic_auth.db
admin_username = admin
admin_password = password1234
authorization_function = mlflow.server.auth:authenticate_request_basic_auth
# When true, users inherit default_permission for the reserved 'default' workspace.
grant_default_workspace_access = false
# Cache settings for resource-to-workspace lookups (used for permission checks).
# workspace_cache_max_size = 10000
# workspace_cache_ttl_seconds = 3600
# Cache settings for basic-auth username/password verification. Disabled by default
# (auth_cache_ttl_seconds = 0). When enabled, successful credential checks are
# cached for this long so PBKDF2 hash comparison runs at most once per (user,
# password) per TTL window — a ~3x throughput improvement on request-heavy
# auth-enabled workloads.
#
# The cache lives inside each worker process, so enabling it introduces staleness:
# * Password, admin-flag, and deletion changes via the HTTP APIs invalidate the
# entry on whichever worker handled the mutation immediately. Other workers in
# a multi-worker deployment may continue to accept the old credential until
# the TTL expires (at most auth_cache_ttl_seconds).
# * Mutations made out-of-band (direct SQL, external IdP sync) reach the cache
# on no workers and are likewise reflected only after the TTL expires.
#
# The cache is bounded by auth_cache_max_size and the TTL, so there is no
# unbounded memory growth. Set auth_cache_ttl_seconds to a positive value
# (e.g. 60) to opt in.
# auth_cache_max_size = 10000
# auth_cache_ttl_seconds = 0