From ae76186a4f86c1e5a687f58bfa54166a0dde6a93 Mon Sep 17 00:00:00 2001 From: Jacob Kaplan-Moss Date: Tue, 29 Nov 2005 18:26:07 +0000 Subject: Added mod_python authentication handler and document on authenticating against Django's auth database from Apache git-svn-id: http://code.djangoproject.com/svn/django/trunk@1495 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/apache_auth.txt | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 docs/apache_auth.txt (limited to 'docs') diff --git a/docs/apache_auth.txt b/docs/apache_auth.txt new file mode 100644 index 0000000000..bbb2fe091d --- /dev/null +++ b/docs/apache_auth.txt @@ -0,0 +1,62 @@ +========================================================= +Authenticating against Django's user database from Apache +========================================================= + +Since keeping multiple authentication databases in sync is a common problem when +dealing with Apache, you can configuring Apache to authenticate against Django's +`authentication system`_ directly. For example, you could: + + * Serve media files directly from Apache only to authenticated users. + + * Authenticate access to a Subversion_ repository against Django users with + a certain permission. + + * Allow certain users to connect to a WebDAV share created with mod_dav_. + +Configuring Apache +================== + +To check against Django's authorization database from a Apache configuration +file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along +with the standard ``Auth*`` and ``Require`` directives:: + + + AuthType basic + AuthName "example.com" + Require valid-user + + SetEnv DJANGO_SETTINGS_MODULE mysite.settings + PythonAuthenHandler django.core.handlers.modpython + + +By default, the authentication handler will limit access to the ``/example/`` +location to users marked as staff members. You can use a set of +``PythonOption`` directives to modify this behavior:: + + ================================ ========================================= + ``PythonOption`` Explanation + ================================ ========================================= + ``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e. + those with the ``is_staff`` flag set) + will be allowed. + + Defaults to ``on``. + + ``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e. + those with the ``is_superuser`` flag set) + will be allowed. + + Defaults to ``off``. + + ``DjangoPermissionName`` The name of a permission to require for + access. See `custom permissions`_ for + more information. + + By default no specific permission will be + required. + ================================ ========================================= + +.. _authentication system: http://www.djangoproject.com/documentation/authentication/ +.. _Subversion: http://subversion.tigris.org/ +.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html +.. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions \ No newline at end of file -- cgit v1.3