<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Authenticating against Django’s user database from Apache — Django v1.2 documentation</title>
<link rel="stylesheet" href="../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '1.2',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<link rel="top" title="Django v1.2 documentation" href="../index.html" />
<link rel="up" title="“How-to” guides" href="index.html" />
<link rel="next" title="Authentication using REMOTE_USER" href="auth-remote-user.html" />
<link rel="prev" title="“How-to” guides" href="index.html" />
<script type="text/javascript" src="../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
if (!django_template_builtins) {
// templatebuiltins.js missing, do nothing.
return;
}
$(document).ready(function() {
// Hyperlink Django template tags and filters
var base = "../ref/templates/builtins.html";
if (base == "#") {
// Special case for builtins.html itself
base = "";
}
// Tags are keywords, class '.k'
$("div.highlight\\-html\\+django span.k").each(function(i, elem) {
var tagname = $(elem).text();
if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
var fragment = tagname.replace(/_/, '-');
$(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
}
});
// Filters are functions, class '.nf'
$("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
var filtername = $(elem).text();
if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
var fragment = filtername.replace(/_/, '-');
$(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
}
});
});
})(jQuery);
</script>
</head>
<body>
<div class="document">
<div id="custom-doc" class="yui-t6">
<div id="hd">
<h1><a href="../index.html">Django v1.2 documentation</a></h1>
<div id="global-nav">
<a title="Home page" href="../index.html">Home</a> |
<a title="Table of contents" href="../contents.html">Table of contents</a> |
<a title="Global index" href="../genindex.html">Index</a> |
<a title="Module index" href="../py-modindex.html">Modules</a>
</div>
<div class="nav">
« <a href="index.html" title="&#8220;How-to&#8221; guides">previous</a>
|
<a href="index.html" title="&#8220;How-to&#8221; guides" accesskey="U">up</a>
|
<a href="auth-remote-user.html" title="Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt>">next</a> »</div>
</div>
<div id="bd">
<div id="yui-main">
<div class="yui-b">
<div class="yui-g" id="howto-apache-auth">
<div class="section" id="s-authenticating-against-django-s-user-database-from-apache">
<span id="authenticating-against-django-s-user-database-from-apache"></span><h1>Authenticating against Django’s user database from Apache<a class="headerlink" href="#authenticating-against-django-s-user-database-from-apache" title="Permalink to this headline">¶</a></h1>
<p>Since keeping multiple authentication databases in sync is a common problem when
dealing with Apache, you can configuring Apache to authenticate against Django’s
<a class="reference internal" href="../topics/auth.html"><em>authentication system</em></a> directly. For example, you
could:</p>
<ul class="simple">
<li>Serve static/media files directly from Apache only to authenticated users.</li>
<li>Authenticate access to a <a class="reference external" href="http://subversion.tigris.org/">Subversion</a> repository against Django users with
a certain permission.</li>
<li>Allow certain users to connect to a WebDAV share created with <a class="reference external" href="http://httpd.apache.org/docs/2.0/mod/mod_dav.html">mod_dav</a>.</li>
</ul>
<div class="section" id="s-configuring-apache">
<span id="configuring-apache"></span><h2>Configuring Apache<a class="headerlink" href="#configuring-apache" title="Permalink to this headline">¶</a></h2>
<p>To check against Django’s authorization database from a Apache configuration
file, you’ll need to use mod_python’s <tt class="docutils literal"><span class="pre">PythonAuthenHandler</span></tt> directive along
with the standard <tt class="docutils literal"><span class="pre">Auth*</span></tt> and <tt class="docutils literal"><span class="pre">Require</span></tt> directives:</p>
<div class="highlight-apache"><div class="highlight"><pre><span class="nt"><Location</span> <span class="s">/example/</span><span class="nt">></span>
<span class="nb">AuthType</span> Basic
<span class="nb">AuthName</span> <span class="s2">"example.com"</span>
<span class="nb">Require</span> valid-user
<span class="nb">SetEnv</span> DJANGO_SETTINGS_MODULE mysite.settings
<span class="nb">PythonAuthenHandler</span> django.contrib.auth.handlers.modpython
<span class="nt"></Location></span>
</pre></div>
</div>
<div class="admonition-using-the-authentication-handler-with-apache-2-2 admonition ">
<p class="first admonition-title">Using the authentication handler with Apache 2.2</p>
<p>If you're using Apache 2.2, you'll need to take a couple extra steps.</p>
<p>You'll need to ensure that <tt class="docutils literal"><span class="pre">mod_auth_basic</span></tt> and <tt class="docutils literal"><span class="pre">mod_authz_user</span></tt>
are loaded. These might be compiled statically into Apache, or you might
need to use <tt class="docutils literal"><span class="pre">LoadModule</span></tt> to load them dynamically (as shown in the
example at the bottom of this note).</p>
<p>You'll also need to insert configuration directives that prevent Apache
from trying to use other authentication modules, as well as specifying
the <tt class="docutils literal"><span class="pre">AuthUserFile</span></tt> directive and pointing it to <tt class="docutils literal"><span class="pre">/dev/null</span></tt>. Depending
on which other authentication modules you have loaded, you might need one
or more of the following directives:</p>
<div class="highlight-apache"><div class="highlight"><pre><span class="nb">AuthBasicAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthDefaultAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzLDAPAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzDBMAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzDefaultAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzGroupFileAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzOwnerAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzUserAuthoritative</span> <span class="k">Off</span>
</pre></div>
</div>
<p>A complete configuration, with differences between Apache 2.0 and
Apache 2.2 marked in bold, would look something like:</p>
<pre class="last literal-block">
<strong>LoadModule auth_basic_module modules/mod_auth_basic.so</strong>
<strong>LoadModule authz_user_module modules/mod_authz_user.so</strong>
...
<Location /example/>
AuthType Basic
AuthName "example.com"
<strong>AuthUserFile /dev/null</strong>
<strong>AuthBasicAuthoritative Off</strong>
Require valid-user
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonAuthenHandler django.contrib.auth.handlers.modpython
</Location>
</pre>
</div>
<p>By default, the authentication handler will limit access to the <tt class="docutils literal"><span class="pre">/example/</span></tt>
location to users marked as staff members. You can use a set of
<tt class="docutils literal"><span class="pre">PythonOption</span></tt> directives to modify this behavior:</p>
<table class="docutils">
<colgroup>
<col width="44%" />
<col width="56%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head"><tt class="docutils literal"><span class="pre">PythonOption</span></tt></th>
<th class="head">Explanation</th>
</tr>
</thead>
<tbody valign="top">
<tr><td><tt class="docutils literal"><span class="pre">DjangoRequireStaffStatus</span></tt></td>
<td><p class="first">If set to <tt class="docutils literal"><span class="pre">on</span></tt> only "staff" users (i.e.
those with the <tt class="docutils literal"><span class="pre">is_staff</span></tt> flag set)
will be allowed.</p>
<p class="last">Defaults to <tt class="docutils literal"><span class="pre">on</span></tt>.</p>
</td>
</tr>
<tr><td><tt class="docutils literal"><span class="pre">DjangoRequireSuperuserStatus</span></tt></td>
<td><p class="first">If set to <tt class="docutils literal"><span class="pre">on</span></tt> only superusers (i.e.
those with the <tt class="docutils literal"><span class="pre">is_superuser</span></tt> flag set)
will be allowed.</p>
<p class="last">Defaults to <tt class="docutils literal"><span class="pre">off</span></tt>.</p>
</td>
</tr>
<tr><td><tt class="docutils literal"><span class="pre">DjangoPermissionName</span></tt></td>
<td><p class="first">The name of a permission to require for
access. See <a class="reference internal" href="../topics/auth.html#custom-permissions"><em>custom permissions</em></a> for more
information.</p>
<p class="last">By default no specific permission will be
required.</p>
</td>
</tr>
</tbody>
</table>
<p>Note that sometimes <tt class="docutils literal"><span class="pre">SetEnv</span></tt> doesn't play well in this mod_python
configuration, for reasons unknown. If you're having problems getting
mod_python to recognize your <tt class="docutils literal"><span class="pre">DJANGO_SETTINGS_MODULE</span></tt>, you can set it using
<tt class="docutils literal"><span class="pre">PythonOption</span></tt> instead of <tt class="docutils literal"><span class="pre">SetEnv</span></tt>. Therefore, these two Apache directives
are equivalent:</p>
<div class="highlight-python"><pre>SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonOption DJANGO_SETTINGS_MODULE mysite.settings</pre>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="yui-b" id="sidebar">
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="../contents.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Authenticating against Django’s user database from Apache</a><ul>
<li><a class="reference internal" href="#configuring-apache">Configuring Apache</a></li>
</ul>
</li>
</ul>
<h3>Browse</h3>
<ul>
<li>Prev: <a href="index.html">“How-to” guides</a></li>
<li>Next: <a href="auth-remote-user.html">Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt></a></li>
</ul>
<h3>You are here:</h3>
<ul>
<li>
<a href="../index.html">Django v1.2 documentation</a>
<ul><li><a href="index.html">“How-to” guides</a>
<ul><li>Authenticating against Django’s user database from Apache</li></ul>
</li></ul>
</li>
</ul>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/howto/apache-auth.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<h3>Last update:</h3>
<p class="topless">Oct 20, 2010</p>
</div>
</div>
<div id="ft">
<div class="nav">
« <a href="index.html" title="&#8220;How-to&#8221; guides">previous</a>
|
<a href="index.html" title="&#8220;How-to&#8221; guides" accesskey="U">up</a>
|
<a href="auth-remote-user.html" title="Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt>">next</a> »</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>
distrib
>
Arklinux
>
devel
>
i586
>
media
>
main
>
by-pkgid
>
5fcb1fedf34660bc240dc59b7bfcebc4
>
files
>
270
