1 =========================================================

     2 Authenticating against Django's user database from Apache

     3 =========================================================

     4 

     5 Since keeping multiple authentication databases in sync is a common problem when

     6 dealing with Apache, you can configuring Apache to authenticate against Django's

     7 `authentication system`_ directly.  For example, you could:

     8 

     9     * Serve static/media files directly from Apache only to authenticated users.

    10 

    11     * Authenticate access to a Subversion_ repository against Django users with

    12       a certain permission.

    13 

    14     * Allow certain users to connect to a WebDAV share created with mod_dav_.

    15 

    16 Configuring Apache

    17 ==================

    18 

    19 To check against Django's authorization database from a Apache configuration

    20 file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along

    21 with the standard ``Auth*`` and ``Require`` directives::

    22 

    23     <Location /example/>

    24         AuthType basic

    25         AuthName "example.com"

    26         Require valid-user

    27 

    28         SetEnv DJANGO_SETTINGS_MODULE mysite.settings

    29         PythonAuthenHandler django.contrib.auth.handlers.modpython

    30     </Location>

    31 

    32 By default, the authentication handler will limit access to the ``/example/``

    33 location to users marked as staff members.  You can use a set of

    34 ``PythonOption`` directives to modify this behavior:

    35 

    36     ================================  =========================================

    37     ``PythonOption``                  Explanation

    38     ================================  =========================================

    39     ``DjangoRequireStaffStatus``      If set to ``on`` only "staff" users (i.e.

    40                                       those with the ``is_staff`` flag set)

    41                                       will be allowed.

    42 

    43                                       Defaults to ``on``.

    44 

    45     ``DjangoRequireSuperuserStatus``  If set to ``on`` only superusers (i.e.

    46                                       those with the ``is_superuser`` flag set)

    47                                       will be allowed.

    48 

    49                                       Defaults to ``off``.

    50 

    51     ``DjangoPermissionName``          The name of a permission to require for

    52                                       access. See `custom permissions`_ for

    53                                       more information.

    54 

    55                                       By default no specific permission will be

    56                                       required.

    57     ================================  =========================================

    58 

    59 Note that sometimes ``SetEnv`` doesn't play well in this mod_python

    60 configuration, for reasons unknown. If you're having problems getting

    61 mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using

    62 ``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives

    63 are equivalent::

    64 

    65     SetEnv DJANGO_SETTINGS_MODULE mysite.settings

    66     PythonOption DJANGO_SETTINGS_MODULE mysite.settings

    67 

    68 .. _authentication system: ../authentication/

    69 .. _Subversion: http://subversion.tigris.org/

    70 .. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html

    71 .. _custom permissions: ../authentication/#custom-permissions