diff --git a/Dockerfile b/Dockerfile
index 9b9431b52fc9dec28c9c6baacd6bb0438395ab1a..cb3e89ddc3c8d79f3e32b31ad060c84d41f52b6b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,6 @@ FROM quay.io/jupyterhub/jupyterhub:latest
 
 COPY jupyterhub_config.py /etc/jupyterhub/jupyterhub_config.py
 
-RUN pip install dockerspawner
+RUN pip install dockerspawner jupyterhub-nativeauthenticator
 
 CMD ["jupyterhub", "-f", "/etc/jupyterhub/jupyterhub_config.py"]
\ No newline at end of file
diff --git a/jupyterhub_config.py b/jupyterhub_config.py
index e9dfd5e41e4aeb6155076e987b88c4481b74aa0b..260078deffa8bc6d775c666cf0b935f570bef090 100644
--- a/jupyterhub_config.py
+++ b/jupyterhub_config.py
@@ -175,7 +175,9 @@ c = get_config()  #noqa
 #    - null: jupyterhub.auth.NullAuthenticator
 #    - pam: jupyterhub.auth.PAMAuthenticator
 #  Default: 'jupyterhub.auth.PAMAuthenticator'
-c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'
+c.JupyterHub.authenticator_class = 'nativeauthenticator.NativeAuthenticator'
+
+c.NativeAuthenticator.open_signup = True
 
 ## The base URL of the entire application.
 #  
@@ -1109,179 +1111,6 @@ c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
 #  See also: Proxy.should_start
 # c.ConfigurableHTTPProxy.should_start = Tru
 
-#------------------------------------------------------------------------------
-# PAMAuthenticator(LocalAuthenticator) configuration
-#------------------------------------------------------------------------------
-## Authenticate local UNIX users with PAM
-
-## 
-#  See also: LocalAuthenticator.add_user_cmd
-# c.PAMAuthenticator.add_user_cmd = []
-
-## Authoritative list of user groups that determine admin access. Users not in
-#  these groups can still be granted admin status through admin_users.
-#  
-#  allowed/blocked rules still apply.
-#  
-#  Note: As of JupyterHub 2.0, full admin rights should not be required, and more
-#  precise permissions can be managed via roles.
-#  Default: set()
-# c.PAMAuthenticator.admin_groups = set()
-
-## 
-#  See also: Authenticator.admin_users
-# c.PAMAuthenticator.admin_users = set()
-
-## 
-#  See also: Authenticator.allow_all
-c.PAMAuthenticator.allow_all = True
-
-## 
-#  See also: Authenticator.allow_existing_users
-# c.PAMAuthenticator.allow_existing_users = False
-
-## 
-#  See also: LocalAuthenticator.allowed_groups
-# c.PAMAuthenticator.allowed_groups = set()
-
-## 
-#  See also: Authenticator.allowed_users
-# c.PAMAuthenticator.allowed_users = set()
-
-## Is there any allow config?
-#  See also: Authenticator.any_allow_config
-# c.PAMAuthenticator.any_allow_config = False
-
-## The max age (in seconds) of authentication info
-#  See also: Authenticator.auth_refresh_age
-# c.PAMAuthenticator.auth_refresh_age = 300
-
-## Automatically begin the login process
-#  See also: Authenticator.auto_login
-# c.PAMAuthenticator.auto_login = False
-
-## 
-#  See also: Authenticator.auto_login_oauth2_authorize
-# c.PAMAuthenticator.auto_login_oauth2_authorize = False
-
-## 
-#  See also: Authenticator.blocked_users
-# c.PAMAuthenticator.blocked_users = set()
-
-## Whether to check the user's account status via PAM during authentication.
-#  
-#  The PAM account stack performs non-authentication based account management. It
-#  is typically used to restrict/permit access to a service and this step is
-#  needed to access the host's user access control.
-#  
-#  Disabling this can be dangerous as authenticated but unauthorized users may be
-#  granted access and, therefore, arbitrary execution on the system.
-#  Default: True
-# c.PAMAuthenticator.check_account = True
-
-## 
-#  See also: LocalAuthenticator.create_system_users
-# c.PAMAuthenticator.create_system_users = False
-
-## Delete any users from the database that do not pass validation
-#  See also: Authenticator.delete_invalid_users
-# c.PAMAuthenticator.delete_invalid_users = False
-
-## Enable persisting auth_state (if available).
-#  See also: Authenticator.enable_auth_state
-# c.PAMAuthenticator.enable_auth_state = False
-
-## The text encoding to use when communicating with PAM
-#  Default: 'utf8'
-# c.PAMAuthenticator.encoding = 'utf8'
-
-## Number of executor threads.
-#  
-#  PAM auth requests happen in this thread, so it is mostly waiting for the pam
-#  stack. One thread is usually enough, unless your pam stack is doing something
-#  slow like network requests
-#  Default: 4
-# c.PAMAuthenticator.executor_threads = 4
-
-## DEPRECATED: use allowed_groups
-#  See also: LocalAuthenticator.group_whitelist
-# c.PAMAuthenticator.group_whitelist = set()
-
-## Let authenticator manage user groups
-#  See also: Authenticator.manage_groups
-# c.PAMAuthenticator.manage_groups = False
-
-## Let authenticator manage roles
-#  See also: Authenticator.manage_roles
-# c.PAMAuthenticator.manage_roles = False
-
-## Whether to open a new PAM session when spawners are started.
-#  
-#  This may trigger things like mounting shared filesystems, loading credentials,
-#  etc. depending on system configuration.
-#  
-#  The lifecycle of PAM sessions is not correct, so many PAM session
-#  configurations will not work.
-#  
-#  If any errors are encountered when opening/closing PAM sessions, this is
-#  automatically set to False.
-#  
-#  .. versionchanged:: 2.2
-#  
-#      Due to longstanding problems in the session lifecycle,
-#      this is now disabled by default.
-#      You may opt-in to opening sessions by setting this to True.
-#  Default: False
-# c.PAMAuthenticator.open_sessions = False
-
-## 
-#  See also: Authenticator.otp_prompt
-# c.PAMAuthenticator.otp_prompt = 'OTP:'
-
-## Round-trip the username via PAM lookups to make sure it is unique
-#  
-#  PAM can accept multiple usernames that map to the same user, for example
-#  DOMAIN\username in some cases.  To prevent this, convert username into uid,
-#  then back to uid to normalize.
-#  Default: False
-# c.PAMAuthenticator.pam_normalize_username = False
-
-## 
-#  See also: Authenticator.post_auth_hook
-# c.PAMAuthenticator.post_auth_hook = None
-
-## Force refresh of auth prior to spawn.
-#  See also: Authenticator.refresh_pre_spawn
-# c.PAMAuthenticator.refresh_pre_spawn = False
-
-## 
-#  See also: Authenticator.request_otp
-# c.PAMAuthenticator.request_otp = False
-
-## Reset managed roles to result of `load_managed_roles()` on startup.
-#  See also: Authenticator.reset_managed_roles_on_startup
-# c.PAMAuthenticator.reset_managed_roles_on_startup = False
-
-## The name of the PAM service to use for authentication
-#  Default: 'login'
-# c.PAMAuthenticator.service = 'login'
-
-## 
-#  See also: LocalAuthenticator.uids
-# c.PAMAuthenticator.uids = {}
-
-## Dictionary mapping authenticator usernames to JupyterHub users.
-#  See also: Authenticator.username_map
-# c.PAMAuthenticator.username_map = {}
-
-## 
-#  See also: Authenticator.username_pattern
-# c.PAMAuthenticator.username_pattern = ''
-
-## Deprecated, use `Authenticator.allowed_users`
-#  See also: Authenticator.whitelist
-# c.PAMAuthenticator.whitelist = set()
-
 
 ## DockerSpawner Config