| 1 |
========================================================= |
|---|
| 2 |
Authenticating against Django's user database from Apache |
|---|
| 3 |
========================================================= |
|---|
| 4 |
|
|---|
| 5 |
Since keeping multiple authentication databases in sync is a common problem when |
|---|
| 6 |
dealing with Apache, you can configuring Apache to authenticate against Django's |
|---|
| 7 |
`authentication system`_ directly. For example, you could: |
|---|
| 8 |
|
|---|
| 9 |
* Serve static/media files directly from Apache only to authenticated users. |
|---|
| 10 |
|
|---|
| 11 |
* Authenticate access to a Subversion_ repository against Django users with |
|---|
| 12 |
a certain permission. |
|---|
| 13 |
|
|---|
| 14 |
* Allow certain users to connect to a WebDAV share created with mod_dav_. |
|---|
| 15 |
|
|---|
| 16 |
Configuring Apache |
|---|
| 17 |
================== |
|---|
| 18 |
|
|---|
| 19 |
To check against Django's authorization database from a Apache configuration |
|---|
| 20 |
file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along |
|---|
| 21 |
with the standard ``Auth*`` and ``Require`` directives:: |
|---|
| 22 |
|
|---|
| 23 |
<Location /example/> |
|---|
| 24 |
AuthType basic |
|---|
| 25 |
AuthName "example.com" |
|---|
| 26 |
Require valid-user |
|---|
| 27 |
|
|---|
| 28 |
SetEnv DJANGO_SETTINGS_MODULE mysite.settings |
|---|
| 29 |
PythonAuthenHandler django.contrib.auth.handlers.modpython |
|---|
| 30 |
</Location> |
|---|
| 31 |
|
|---|
| 32 |
By default, the authentication handler will limit access to the ``/example/`` |
|---|
| 33 |
location to users marked as staff members. You can use a set of |
|---|
| 34 |
``PythonOption`` directives to modify this behavior: |
|---|
| 35 |
|
|---|
| 36 |
================================ ========================================= |
|---|
| 37 |
``PythonOption`` Explanation |
|---|
| 38 |
================================ ========================================= |
|---|
| 39 |
``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e. |
|---|
| 40 |
those with the ``is_staff`` flag set) |
|---|
| 41 |
will be allowed. |
|---|
| 42 |
|
|---|
| 43 |
Defaults to ``on``. |
|---|
| 44 |
|
|---|
| 45 |
``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e. |
|---|
| 46 |
those with the ``is_superuser`` flag set) |
|---|
| 47 |
will be allowed. |
|---|
| 48 |
|
|---|
| 49 |
Defaults to ``off``. |
|---|
| 50 |
|
|---|
| 51 |
``DjangoPermissionName`` The name of a permission to require for |
|---|
| 52 |
access. See `custom permissions`_ for |
|---|
| 53 |
more information. |
|---|
| 54 |
|
|---|
| 55 |
By default no specific permission will be |
|---|
| 56 |
required. |
|---|
| 57 |
================================ ========================================= |
|---|
| 58 |
|
|---|
| 59 |
Note that sometimes ``SetEnv`` doesn't play well in this mod_python |
|---|
| 60 |
configuration, for reasons unknown. If you're having problems getting |
|---|
| 61 |
mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using |
|---|
| 62 |
``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives |
|---|
| 63 |
are equivalent:: |
|---|
| 64 |
|
|---|
| 65 |
SetEnv DJANGO_SETTINGS_MODULE mysite.settings |
|---|
| 66 |
PythonOption DJANGO_SETTINGS_MODULE mysite.settings |
|---|
| 67 |
|
|---|
| 68 |
.. _authentication system: ../authentication/ |
|---|
| 69 |
.. _Subversion: http://subversion.tigris.org/ |
|---|
| 70 |
.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html |
|---|
| 71 |
.. _custom permissions: ../authentication/#custom-permissions |
|---|
