+
−=========================================================
+
−Authenticating against Django's user database from Apache
+
−=========================================================
+
−
+
−Since keeping multiple authentication databases in sync is a common problem when
+
−dealing with Apache, you can configuring Apache to authenticate against Django's
+
−`authentication system`_ directly.  For example, you could:
+
−
+
−    * Serve static/media files directly from Apache only to authenticated users.
+
−
+
−    * Authenticate access to a Subversion_ repository against Django users with
+
−      a certain permission.
+
−
+
−    * Allow certain users to connect to a WebDAV share created with mod_dav_.
+
−
+
−Configuring Apache
+
−==================
+
−
+
−To check against Django's authorization database from a Apache configuration
+
−file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along
+
−with the standard ``Auth*`` and ``Require`` directives::
+
−
+
−    <Location /example/>
+
−        AuthType basic
+
−        AuthName "example.com"
+
−        Require valid-user
+
−
+
−        SetEnv DJANGO_SETTINGS_MODULE mysite.settings
+
−        PythonAuthenHandler django.contrib.auth.handlers.modpython
+
−    </Location>
+
−
+
−By default, the authentication handler will limit access to the ``/example/``
+
−location to users marked as staff members.  You can use a set of
+
−``PythonOption`` directives to modify this behavior:
+
−
+
−    ================================  =========================================
+
−    ``PythonOption``                  Explanation
+
−    ================================  =========================================
+
−    ``DjangoRequireStaffStatus``      If set to ``on`` only "staff" users (i.e.
+
−                                      those with the ``is_staff`` flag set)
+
−                                      will be allowed.
+
−
+
−                                      Defaults to ``on``.
+
−
+
−    ``DjangoRequireSuperuserStatus``  If set to ``on`` only superusers (i.e.
+
−                                      those with the ``is_superuser`` flag set)
+
−                                      will be allowed.
+
−
+
−                                      Defaults to ``off``.
+
−
+
−    ``DjangoPermissionName``          The name of a permission to require for
+
−                                      access. See `custom permissions`_ for
+
−                                      more information.
+
−
+
−                                      By default no specific permission will be
+
−                                      required.
+
−    ================================  =========================================
+
−
+
−Note that sometimes ``SetEnv`` doesn't play well in this mod_python
+
−configuration, for reasons unknown. If you're having problems getting
+
−mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using
+
−``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives
+
−are equivalent::
+
−
+
−    SetEnv DJANGO_SETTINGS_MODULE mysite.settings
+
−    PythonOption DJANGO_SETTINGS_MODULE mysite.settings
+
−
+
−.. _authentication system: ../authentication/
+
−.. _Subversion: http://subversion.tigris.org/
+
−.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
+
−.. _custom permissions: ../authentication/#custom-permissions