Client configuration (AER 2.32)

The Anaconda Client gives you the ability to upload packages to your on-site Anaconda repository and provides highly granular access control capabilities. Here is how to configure your client to use your local repository instead of Anaconda Cloud.

Anaconda client configuration

On each machine that will access your on-site Anaconda repository, run this command as the machine’s local user:

anaconda config --set url<port>/api

Or to set the default repo on a system wide basis, run this command:

anaconda config --set url<port>/api --site

The system level config file will only be used if no user level config file is present.

To show the system and user config file locations and configuration settings:

anaconda config --show

Conda configuration

With the above anaconda config steps you can access all packages and channels from the local onsite Anaconda repository instead of the public

Users can then add individual accounts to their .condarc file by running the following command:

conda config --add channels USERNAME

If you still wish to access certain channels from the public

conda config --add channels<USERNAME>

Conda channel priority

To set a preferred priority for the channels conda will search for package installs edit your ~/.condarc file and change the order. Channels at the top are searched first.

For example:

  - channel
  - defaults

The order of search is now

  1. private onsite Anaconda repository channel
  2. private channel2
  3. public channel1
  4. default channel on onsite Anaconda repository

pip configuration

To install pypi packages from your Anaconda repository, add your channel to your ~/.pip/pip.conf configuration file.

Edit the file and add an extra-index-url entry to the global config section:

extra-index-url =<port>/pypi/<username>/simple


If you have enabled Kerberos authentication as described in the Advanced Installation Options installation guide, your browser and anaconda-client should be able to authenticate to Anaconda repository using Kerberos.

In OS X/Unix, configure the file /etc/krb5.conf:

default_realm = YOUR.DOMAIN

  kdc = your.kdc.server

your.anaconda.server = YOUR.DOMAIN

If your configuration is correct, you should be able to authenticate using the command-line tool kinit:

kinit jsmith
anaconda login

Browser Setup

Many browsers do not present your Kerberos credentials by default, to prevent leaking credentials to untrusted parties. In order to use Kerberos authentication, you must white-list Anaconda repository as a trusted party to receive credentials.

You must restart your browser after configuring the whitelist in order for changes to be reflected.


Safari requires no configuration - it will automatically present your credentials without white-listing.


The AuthServerWhitelist policy must be set to your.anaconda.server - this will allow Chrome to present credentials to Anaconda Repository with the hostname your.anaconda.server. Depending on your DNS configuration, DisableAuthNegotiateCnameLookup may also be required - this will prevent Chrome from canonicalizing the hostname before generating a service name.

To configure on OS X:

defaults write AuthServerWhitelist "your.anaconda.server"

On Linux:

mkdir -p /etc/opt/chrome/policies/managed
mkdir -p /etc/opt/chrome/policies/recommended
chmod -w /etc/opt/chrome/policies/managed
echo '{"AuthServerWhitelist": "your.anaconda.server"}' > /etc/opt/chrome/policies/managed/anaconda_repo_policy.json

On Windows, use Group Policy objects to set the “Authentication server whitelist” setting to “your.anaconda.server”.

For more information, see Chrome’s SPNEGO authentication and administration documentation.


  • Navigate to the configuration page about:config
  • Search for “negotiate”
  • Set the configuration item network.negotiate-auth.trusted-uris to your.anaconda.server

Internet Explorer

  • Open the menu item Internet Options > Tools > Advanced Tab
  • In the Security section, select “Enable Integrated Windows Authentication”