lib/django-0.96/docs/apache_auth.txt - external/googleappengine/python - Git at Google

 =========================================================
 Authenticating against Django's user database from Apache
 =========================================================

 Since keeping multiple authentication databases in sync is a common problem when
 dealing with Apache, you can configuring Apache to authenticate against Django's
 `authentication system`_ directly.  For example, you could:

     * Serve static/media files directly from Apache only to authenticated users.

     * Authenticate access to a Subversion_ repository against Django users with
       a certain permission.

     * Allow certain users to connect to a WebDAV share created with mod_dav_.

 Configuring Apache
 ==================

 To check against Django's authorization database from a Apache configuration
 file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along
 with the standard ``Auth*`` and ``Require`` directives::

     <Location /example/>
         AuthType basic
         AuthName "example.com"
         Require valid-user

         SetEnv DJANGO_SETTINGS_MODULE mysite.settings
         PythonAuthenHandler django.contrib.auth.handlers.modpython
     </Location>

 By default, the authentication handler will limit access to the ``/example/``
 location to users marked as staff members.  You can use a set of
 ``PythonOption`` directives to modify this behavior:

     ================================  =========================================
     ``PythonOption``                  Explanation
     ================================  =========================================
     ``DjangoRequireStaffStatus``      If set to ``on`` only "staff" users (i.e.
                                       those with the ``is_staff`` flag set)
                                       will be allowed.

                                       Defaults to ``on``.

     ``DjangoRequireSuperuserStatus``  If set to ``on`` only superusers (i.e.
                                       those with the ``is_superuser`` flag set)
                                       will be allowed.

                                       Defaults to ``off``.

     ``DjangoPermissionName``          The name of a permission to require for
                                       access. See `custom permissions`_ for
                                       more information.

                                       By default no specific permission will be
                                       required.
     ================================  =========================================

 Note that sometimes ``SetEnv`` doesn't play well in this mod_python
 configuration, for reasons unknown. If you're having problems getting
 mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using
 ``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives
 are equivalent::

     SetEnv DJANGO_SETTINGS_MODULE mysite.settings
     PythonOption DJANGO_SETTINGS_MODULE mysite.settings

 .. _authentication system: ../authentication/
 .. _Subversion: http://subversion.tigris.org/
 .. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
 .. _custom permissions: ../authentication/#custom-permissions
	=========================================================
	Authenticating against Django's user database from Apache
	=========================================================

	Since keeping multiple authentication databases in sync is a common problem when
	dealing with Apache, you can configuring Apache to authenticate against Django's
	`authentication system`_ directly. For example, you could:

	* Serve static/media files directly from Apache only to authenticated users.

	* Authenticate access to a Subversion_ repository against Django users with
	a certain permission.

	* Allow certain users to connect to a WebDAV share created with mod_dav_.

	Configuring Apache
	==================

	To check against Django's authorization database from a Apache configuration
	file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along
	with the standard ``Auth*`` and ``Require`` directives::

	<Location /example/>
	AuthType basic
	AuthName "example.com"
	Require valid-user

	SetEnv DJANGO_SETTINGS_MODULE mysite.settings
	PythonAuthenHandler django.contrib.auth.handlers.modpython
	</Location>

	By default, the authentication handler will limit access to the ``/example/``
	location to users marked as staff members. You can use a set of
	``PythonOption`` directives to modify this behavior:

	================================ =========================================
	``PythonOption`` Explanation
	================================ =========================================
	``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e.
	those with the ``is_staff`` flag set)
	will be allowed.

	Defaults to ``on``.

	``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e.
	those with the ``is_superuser`` flag set)
	will be allowed.

	Defaults to ``off``.

	``DjangoPermissionName`` The name of a permission to require for
	access. See `custom permissions`_ for
	more information.

	By default no specific permission will be
	required.
	================================ =========================================

	Note that sometimes ``SetEnv`` doesn't play well in this mod_python
	configuration, for reasons unknown. If you're having problems getting
	mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using
	``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives
	are equivalent::

	SetEnv DJANGO_SETTINGS_MODULE mysite.settings
	PythonOption DJANGO_SETTINGS_MODULE mysite.settings

	.. _authentication system: ../authentication/
	.. _Subversion: http://subversion.tigris.org/
	.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
	.. _custom permissions: ../authentication/#custom-permissions