<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Authenticating against Django’s user database from Apache — Django 1.4.5 documentation</title>
<link rel="stylesheet" href="../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '1.4.5',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<link rel="top" title="Django 1.4.5 documentation" href="../index.html" />
<link rel="up" title="“How-to” guides" href="index.html" />
<link rel="next" title="Authentication using REMOTE_USER" href="auth-remote-user.html" />
<link rel="prev" title="“How-to” guides" href="index.html" />
<script type="text/javascript" src="../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
if (!django_template_builtins) {
// templatebuiltins.js missing, do nothing.
return;
}
$(document).ready(function() {
// Hyperlink Django template tags and filters
var base = "../ref/templates/builtins.html";
if (base == "#") {
// Special case for builtins.html itself
base = "";
}
// Tags are keywords, class '.k'
$("div.highlight\\-html\\+django span.k").each(function(i, elem) {
var tagname = $(elem).text();
if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
var fragment = tagname.replace(/_/, '-');
$(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
}
});
// Filters are functions, class '.nf'
$("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
var filtername = $(elem).text();
if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
var fragment = filtername.replace(/_/, '-');
$(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
}
});
});
})(jQuery);
</script>
</head>
<body>
<div class="document">
<div id="custom-doc" class="yui-t6">
<div id="hd">
<h1><a href="../index.html">Django 1.4.5 documentation</a></h1>
<div id="global-nav">
<a title="Home page" href="../index.html">Home</a> |
<a title="Table of contents" href="../contents.html">Table of contents</a> |
<a title="Global index" href="../genindex.html">Index</a> |
<a title="Module index" href="../py-modindex.html">Modules</a>
</div>
<div class="nav">
« <a href="index.html" title="&#8220;How-to&#8221; guides">previous</a>
|
<a href="index.html" title="&#8220;How-to&#8221; guides" accesskey="U">up</a>
|
<a href="auth-remote-user.html" title="Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt>">next</a> »</div>
</div>
<div id="bd">
<div id="yui-main">
<div class="yui-b">
<div class="yui-g" id="howto-apache-auth">
<div class="section" id="s-authenticating-against-django-s-user-database-from-apache">
<span id="authenticating-against-django-s-user-database-from-apache"></span><h1>Authenticating against Django’s user database from Apache<a class="headerlink" href="#authenticating-against-django-s-user-database-from-apache" title="Permalink to this headline">¶</a></h1>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">Support for mod_python has been deprecated within Django. At that
time, this method of authentication will no longer be provided by
Django. The community is welcome to offer its own alternate
solutions using WSGI middleware or other approaches.</p>
</div>
<p>Since keeping multiple authentication databases in sync is a common problem when
dealing with Apache, you can configuring Apache to authenticate against Django’s
<a class="reference internal" href="../topics/auth.html"><em>authentication system</em></a> directly. For example, you
could:</p>
<ul class="simple">
<li>Serve static/media files directly from Apache only to authenticated users.</li>
<li>Authenticate access to a <a class="reference external" href="http://subversion.tigris.org/">Subversion</a> repository against Django users with
a certain permission.</li>
<li>Allow certain users to connect to a WebDAV share created with <a class="reference external" href="http://httpd.apache.org/docs/2.0/mod/mod_dav.html">mod_dav</a>.</li>
</ul>
<div class="section" id="s-configuring-apache">
<span id="configuring-apache"></span><h2>Configuring Apache<a class="headerlink" href="#configuring-apache" title="Permalink to this headline">¶</a></h2>
<p>To check against Django’s authorization database from a Apache configuration
file, you’ll need to use mod_python’s <tt class="docutils literal"><span class="pre">PythonAuthenHandler</span></tt> directive along
with the standard <tt class="docutils literal"><span class="pre">Auth*</span></tt> and <tt class="docutils literal"><span class="pre">Require</span></tt> directives:</p>
<div class="highlight-apache"><div class="highlight"><pre><span class="nt"><Location</span> <span class="s">/example/</span><span class="nt">></span>
<span class="nb">AuthType</span> Basic
<span class="nb">AuthName</span> <span class="s2">"example.com"</span>
<span class="nb">Require</span> valid-user
<span class="nb">SetEnv</span> DJANGO_SETTINGS_MODULE mysite.settings
<span class="nb">PythonAuthenHandler</span> django.contrib.auth.handlers.modpython
<span class="nt"></Location></span>
</pre></div>
</div>
<div class="admonition-using-the-authentication-handler-with-apache-2-2 admonition">
<p class="first admonition-title">Using the authentication handler with Apache 2.2</p>
<p>If you’re using Apache 2.2, you’ll need to take a couple extra steps.</p>
<p>You’ll need to ensure that <tt class="docutils literal"><span class="pre">mod_auth_basic</span></tt> and <tt class="docutils literal"><span class="pre">mod_authz_user</span></tt>
are loaded. These might be compiled statically into Apache, or you might
need to use <tt class="docutils literal"><span class="pre">LoadModule</span></tt> to load them dynamically (as shown in the
example at the bottom of this note).</p>
<p>You’ll also need to insert configuration directives that prevent Apache
from trying to use other authentication modules, as well as specifying
the <tt class="docutils literal"><span class="pre">AuthUserFile</span></tt> directive and pointing it to <tt class="docutils literal"><span class="pre">/dev/null</span></tt>. Depending
on which other authentication modules you have loaded, you might need one
or more of the following directives:</p>
<div class="highlight-apache"><div class="highlight"><pre><span class="nb">AuthBasicAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthDefaultAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzLDAPAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzDBMAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzDefaultAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzGroupFileAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzOwnerAuthoritative</span> <span class="k">Off</span>
<span class="nb">AuthzUserAuthoritative</span> <span class="k">Off</span>
</pre></div>
</div>
<p>A complete configuration, with differences between Apache 2.0 and
Apache 2.2 marked in bold, would look something like:</p>
<pre class="last literal-block">
<strong>LoadModule auth_basic_module modules/mod_auth_basic.so</strong>
<strong>LoadModule authz_user_module modules/mod_authz_user.so</strong>
...
<Location /example/>
AuthType Basic
AuthName "example.com"
<strong>AuthUserFile /dev/null</strong>
<strong>AuthBasicAuthoritative Off</strong>
Require valid-user
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonAuthenHandler django.contrib.auth.handlers.modpython
</Location>
</pre>
</div>
<p>By default, the authentication handler will limit access to the <tt class="docutils literal"><span class="pre">/example/</span></tt>
location to users marked as staff members. You can use a set of
<tt class="docutils literal"><span class="pre">PythonOption</span></tt> directives to modify this behavior:</p>
<table class="docutils">
<colgroup>
<col width="44%" />
<col width="56%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head"><tt class="docutils literal"><span class="pre">PythonOption</span></tt></th>
<th class="head">Explanation</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><tt class="docutils literal"><span class="pre">DjangoRequireStaffStatus</span></tt></td>
<td><p class="first">If set to <tt class="docutils literal"><span class="pre">on</span></tt> only “staff” users (i.e.
those with the <tt class="docutils literal"><span class="pre">is_staff</span></tt> flag set)
will be allowed.</p>
<p class="last">Defaults to <tt class="docutils literal"><span class="pre">on</span></tt>.</p>
</td>
</tr>
<tr class="row-odd"><td><tt class="docutils literal"><span class="pre">DjangoRequireSuperuserStatus</span></tt></td>
<td><p class="first">If set to <tt class="docutils literal"><span class="pre">on</span></tt> only superusers (i.e.
those with the <tt class="docutils literal"><span class="pre">is_superuser</span></tt> flag set)
will be allowed.</p>
<p class="last">Defaults to <tt class="docutils literal"><span class="pre">off</span></tt>.</p>
</td>
</tr>
<tr class="row-even"><td><tt class="docutils literal"><span class="pre">DjangoPermissionName</span></tt></td>
<td><p class="first">The name of a permission to require for
access. See <a class="reference internal" href="../topics/auth.html#custom-permissions"><em>custom permissions</em></a> for more
information.</p>
<p class="last">By default no specific permission will be
required.</p>
</td>
</tr>
</tbody>
</table>
<p>Note that sometimes <tt class="docutils literal"><span class="pre">SetEnv</span></tt> doesn’t play well in this mod_python
configuration, for reasons unknown. If you’re having problems getting
mod_python to recognize your <tt class="docutils literal"><span class="pre">DJANGO_SETTINGS_MODULE</span></tt>, you can set it using
<tt class="docutils literal"><span class="pre">PythonOption</span></tt> instead of <tt class="docutils literal"><span class="pre">SetEnv</span></tt>. Therefore, these two Apache directives
are equivalent:</p>
<div class="highlight-python"><pre>SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonOption DJANGO_SETTINGS_MODULE mysite.settings</pre>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="yui-b" id="sidebar">
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="../contents.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Authenticating against Django’s user database from Apache</a><ul>
<li><a class="reference internal" href="#configuring-apache">Configuring Apache</a></li>
</ul>
</li>
</ul>
<h3>Browse</h3>
<ul>
<li>Prev: <a href="index.html">“How-to” guides</a></li>
<li>Next: <a href="auth-remote-user.html">Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt></a></li>
</ul>
<h3>You are here:</h3>
<ul>
<li>
<a href="../index.html">Django 1.4.5 documentation</a>
<ul><li><a href="index.html">“How-to” guides</a>
<ul><li>Authenticating against Django’s user database from Apache</li></ul>
</li></ul>
</li>
</ul>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/howto/apache-auth.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<h3>Last update:</h3>
<p class="topless">Feb 21, 2013</p>
</div>
</div>
<div id="ft">
<div class="nav">
« <a href="index.html" title="&#8220;How-to&#8221; guides">previous</a>
|
<a href="index.html" title="&#8220;How-to&#8221; guides" accesskey="U">up</a>
|
<a href="auth-remote-user.html" title="Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt>">next</a> »</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>
