alexbegg edited a comment on issue #10330: URL: https://github.com/apache/airflow/issues/10330#issuecomment-674319661
@Minyus I just want to clarify some things. The same [Security](https://airflow.apache.org/docs/stable/security.html) documentation page explains both the `auth_backend` under [api] (which as of 1.10.11 defaults to `airflow.api.auth.backend.deny_all`) and the `auth_backend` under [webserver] (which does not seem to be included in the default config, I assume because by default `authenticate` is `False`). The fact that both have the same key name can be confusing, but I am sure that both settings do different things. Setting your API `auth_backend` won't also set your webserver `auth_backend`, and vice-versa. Also, not describing `auth_backend` under "webserver" on the [Configuration reference](https://airflow.apache.org/docs/stable/configurations-ref.html) page or even the default configuration is confusing things. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
