|
1 ========================================================= |
|
2 Authenticating against Django's user database from Apache |
|
3 ========================================================= |
|
4 |
|
5 Since keeping multiple authentication databases in sync is a common problem when |
|
6 dealing with Apache, you can configuring Apache to authenticate against Django's |
|
7 `authentication system`_ directly. For example, you could: |
|
8 |
|
9 * Serve static/media files directly from Apache only to authenticated users. |
|
10 |
|
11 * Authenticate access to a Subversion_ repository against Django users with |
|
12 a certain permission. |
|
13 |
|
14 * Allow certain users to connect to a WebDAV share created with mod_dav_. |
|
15 |
|
16 Configuring Apache |
|
17 ================== |
|
18 |
|
19 To check against Django's authorization database from a Apache configuration |
|
20 file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along |
|
21 with the standard ``Auth*`` and ``Require`` directives:: |
|
22 |
|
23 <Location /example/> |
|
24 AuthType basic |
|
25 AuthName "example.com" |
|
26 Require valid-user |
|
27 |
|
28 SetEnv DJANGO_SETTINGS_MODULE mysite.settings |
|
29 PythonAuthenHandler django.contrib.auth.handlers.modpython |
|
30 </Location> |
|
31 |
|
32 By default, the authentication handler will limit access to the ``/example/`` |
|
33 location to users marked as staff members. You can use a set of |
|
34 ``PythonOption`` directives to modify this behavior: |
|
35 |
|
36 ================================ ========================================= |
|
37 ``PythonOption`` Explanation |
|
38 ================================ ========================================= |
|
39 ``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e. |
|
40 those with the ``is_staff`` flag set) |
|
41 will be allowed. |
|
42 |
|
43 Defaults to ``on``. |
|
44 |
|
45 ``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e. |
|
46 those with the ``is_superuser`` flag set) |
|
47 will be allowed. |
|
48 |
|
49 Defaults to ``off``. |
|
50 |
|
51 ``DjangoPermissionName`` The name of a permission to require for |
|
52 access. See `custom permissions`_ for |
|
53 more information. |
|
54 |
|
55 By default no specific permission will be |
|
56 required. |
|
57 ================================ ========================================= |
|
58 |
|
59 Note that sometimes ``SetEnv`` doesn't play well in this mod_python |
|
60 configuration, for reasons unknown. If you're having problems getting |
|
61 mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using |
|
62 ``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives |
|
63 are equivalent:: |
|
64 |
|
65 SetEnv DJANGO_SETTINGS_MODULE mysite.settings |
|
66 PythonOption DJANGO_SETTINGS_MODULE mysite.settings |
|
67 |
|
68 .. _authentication system: ../authentication/ |
|
69 .. _Subversion: http://subversion.tigris.org/ |
|
70 .. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html |
|
71 .. _custom permissions: ../authentication/#custom-permissions |