| ========================================================= |
| Authenticating against Django's user database from Apache |
| ========================================================= |
| |
| Since keeping multiple authentication databases in sync is a common problem when |
| dealing with Apache, you can configuring Apache to authenticate against Django's |
| `authentication system`_ directly. For example, you could: |
| |
| * Serve static/media files directly from Apache only to authenticated users. |
| |
| * Authenticate access to a Subversion_ repository against Django users with |
| a certain permission. |
| |
| * Allow certain users to connect to a WebDAV share created with mod_dav_. |
| |
| Configuring Apache |
| ================== |
| |
| To check against Django's authorization database from a Apache configuration |
| file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along |
| with the standard ``Auth*`` and ``Require`` directives:: |
| |
| <Location /example/> |
| AuthType basic |
| AuthName "example.com" |
| Require valid-user |
| |
| SetEnv DJANGO_SETTINGS_MODULE mysite.settings |
| PythonAuthenHandler django.contrib.auth.handlers.modpython |
| </Location> |
| |
| By default, the authentication handler will limit access to the ``/example/`` |
| location to users marked as staff members. You can use a set of |
| ``PythonOption`` directives to modify this behavior: |
| |
| ================================ ========================================= |
| ``PythonOption`` Explanation |
| ================================ ========================================= |
| ``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e. |
| those with the ``is_staff`` flag set) |
| will be allowed. |
| |
| Defaults to ``on``. |
| |
| ``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e. |
| those with the ``is_superuser`` flag set) |
| will be allowed. |
| |
| Defaults to ``off``. |
| |
| ``DjangoPermissionName`` The name of a permission to require for |
| access. See `custom permissions`_ for |
| more information. |
| |
| By default no specific permission will be |
| required. |
| ================================ ========================================= |
| |
| Note that sometimes ``SetEnv`` doesn't play well in this mod_python |
| configuration, for reasons unknown. If you're having problems getting |
| mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using |
| ``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives |
| are equivalent:: |
| |
| SetEnv DJANGO_SETTINGS_MODULE mysite.settings |
| PythonOption DJANGO_SETTINGS_MODULE mysite.settings |
| |
| .. _authentication system: ../authentication/ |
| .. _Subversion: http://subversion.tigris.org/ |
| .. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html |
| .. _custom permissions: ../authentication/#custom-permissions |