Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added mod_python authentication handler and document on authenticatin…
…g against Django's auth database from Apache git-svn-id: http://code.djangoproject.com/svn/django/trunk@1495 bcc190cf-cafb-0310-a4f2-bffc1f526a37
- Loading branch information
Showing
2 changed files
with
105 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
========================================================= | ||
Authenticating against Django's user database from Apache | ||
========================================================= | ||
|
||
Since keeping multiple authentication databases in sync is a common problem when | ||
dealing with Apache, you can configuring Apache to authenticate against Django's | ||
`authentication system`_ directly. For example, you could: | ||
|
||
* Serve media files directly from Apache only to authenticated users. | ||
|
||
* Authenticate access to a Subversion_ repository against Django users with | ||
a certain permission. | ||
|
||
* Allow certain users to connect to a WebDAV share created with mod_dav_. | ||
|
||
Configuring Apache | ||
================== | ||
|
||
To check against Django's authorization database from a Apache configuration | ||
file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along | ||
with the standard ``Auth*`` and ``Require`` directives:: | ||
|
||
<Location /example/> | ||
AuthType basic | ||
AuthName "example.com" | ||
Require valid-user | ||
|
||
SetEnv DJANGO_SETTINGS_MODULE mysite.settings | ||
PythonAuthenHandler django.core.handlers.modpython | ||
</Location> | ||
|
||
By default, the authentication handler will limit access to the ``/example/`` | ||
location to users marked as staff members. You can use a set of | ||
``PythonOption`` directives to modify this behavior:: | ||
|
||
================================ ========================================= | ||
``PythonOption`` Explanation | ||
================================ ========================================= | ||
``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e. | ||
those with the ``is_staff`` flag set) | ||
will be allowed. | ||
|
||
Defaults to ``on``. | ||
|
||
``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e. | ||
those with the ``is_superuser`` flag set) | ||
will be allowed. | ||
|
||
Defaults to ``off``. | ||
|
||
``DjangoPermissionName`` The name of a permission to require for | ||
access. See `custom permissions`_ for | ||
more information. | ||
|
||
By default no specific permission will be | ||
required. | ||
================================ ========================================= | ||
|
||
.. _authentication system: http://www.djangoproject.com/documentation/authentication/ | ||
.. _Subversion: http://subversion.tigris.org/ | ||
.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html | ||
.. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions |