<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Authenticating against Django’s user database from Apache — Django 1.4.18 documentation</title> <link rel="stylesheet" href="../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../', VERSION: '1.4.18', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <link rel="top" title="Django 1.4.18 documentation" href="../index.html" /> <link rel="up" title="“How-to” guides" href="index.html" /> <link rel="next" title="Authentication using REMOTE_USER" href="auth-remote-user.html" /> <link rel="prev" title="“How-to” guides" href="index.html" /> <script type="text/javascript" src="../templatebuiltins.js"></script> <script type="text/javascript"> (function($) { if (!django_template_builtins) { // templatebuiltins.js missing, do nothing. return; } $(document).ready(function() { // Hyperlink Django template tags and filters var base = "../ref/templates/builtins.html"; if (base == "#") { // Special case for builtins.html itself base = ""; } // Tags are keywords, class '.k' $("div.highlight\\-html\\+django span.k").each(function(i, elem) { var tagname = $(elem).text(); if ($.inArray(tagname, django_template_builtins.ttags) != -1) { var fragment = tagname.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>"); } }); // Filters are functions, class '.nf' $("div.highlight\\-html\\+django span.nf").each(function(i, elem) { var filtername = $(elem).text(); if ($.inArray(filtername, django_template_builtins.tfilters) != -1) { var fragment = filtername.replace(/_/, '-'); $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>"); } }); }); })(jQuery); </script> </head> <body> <div class="document"> <div id="custom-doc" class="yui-t6"> <div id="hd"> <h1><a href="../index.html">Django 1.4.18 documentation</a></h1> <div id="global-nav"> <a title="Home page" href="../index.html">Home</a> | <a title="Table of contents" href="../contents.html">Table of contents</a> | <a title="Global index" href="../genindex.html">Index</a> | <a title="Module index" href="../py-modindex.html">Modules</a> </div> <div class="nav"> « <a href="index.html" title="&#8220;How-to&#8221; guides">previous</a> | <a href="index.html" title="&#8220;How-to&#8221; guides" accesskey="U">up</a> | <a href="auth-remote-user.html" title="Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt>">next</a> »</div> </div> <div id="bd"> <div id="yui-main"> <div class="yui-b"> <div class="yui-g" id="howto-apache-auth"> <div class="section" id="s-authenticating-against-django-s-user-database-from-apache"> <span id="authenticating-against-django-s-user-database-from-apache"></span><h1>Authenticating against Django’s user database from Apache<a class="headerlink" href="#authenticating-against-django-s-user-database-from-apache" title="Permalink to this headline">¶</a></h1> <div class="admonition warning"> <p class="first admonition-title">Warning</p> <p class="last">Support for mod_python has been deprecated within Django. At that time, this method of authentication will no longer be provided by Django. The community is welcome to offer its own alternate solutions using WSGI middleware or other approaches.</p> </div> <p>Since keeping multiple authentication databases in sync is a common problem when dealing with Apache, you can configuring Apache to authenticate against Django’s <a class="reference internal" href="../topics/auth.html"><em>authentication system</em></a> directly. For example, you could:</p> <ul class="simple"> <li>Serve static/media files directly from Apache only to authenticated users.</li> <li>Authenticate access to a <a class="reference external" href="http://subversion.tigris.org/">Subversion</a> repository against Django users with a certain permission.</li> <li>Allow certain users to connect to a WebDAV share created with <a class="reference external" href="http://httpd.apache.org/docs/2.0/mod/mod_dav.html">mod_dav</a>.</li> </ul> <div class="section" id="s-configuring-apache"> <span id="configuring-apache"></span><h2>Configuring Apache<a class="headerlink" href="#configuring-apache" title="Permalink to this headline">¶</a></h2> <p>To check against Django’s authorization database from a Apache configuration file, you’ll need to use mod_python’s <tt class="docutils literal"><span class="pre">PythonAuthenHandler</span></tt> directive along with the standard <tt class="docutils literal"><span class="pre">Auth*</span></tt> and <tt class="docutils literal"><span class="pre">Require</span></tt> directives:</p> <div class="highlight-apache"><div class="highlight"><pre><span class="nt"><Location</span> <span class="s">/example/</span><span class="nt">></span> <span class="nb">AuthType</span> Basic <span class="nb">AuthName</span> <span class="s2">"example.com"</span> <span class="nb">Require</span> valid-user <span class="nb">SetEnv</span> DJANGO_SETTINGS_MODULE mysite.settings <span class="nb">PythonAuthenHandler</span> django.contrib.auth.handlers.modpython <span class="nt"></Location></span> </pre></div> </div> <div class="admonition-using-the-authentication-handler-with-apache-2-2 admonition"> <p class="first admonition-title">Using the authentication handler with Apache 2.2</p> <p>If you’re using Apache 2.2, you’ll need to take a couple extra steps.</p> <p>You’ll need to ensure that <tt class="docutils literal"><span class="pre">mod_auth_basic</span></tt> and <tt class="docutils literal"><span class="pre">mod_authz_user</span></tt> are loaded. These might be compiled statically into Apache, or you might need to use <tt class="docutils literal"><span class="pre">LoadModule</span></tt> to load them dynamically (as shown in the example at the bottom of this note).</p> <p>You’ll also need to insert configuration directives that prevent Apache from trying to use other authentication modules, as well as specifying the <tt class="docutils literal"><span class="pre">AuthUserFile</span></tt> directive and pointing it to <tt class="docutils literal"><span class="pre">/dev/null</span></tt>. Depending on which other authentication modules you have loaded, you might need one or more of the following directives:</p> <div class="highlight-apache"><div class="highlight"><pre><span class="nb">AuthBasicAuthoritative</span> <span class="k">Off</span> <span class="nb">AuthDefaultAuthoritative</span> <span class="k">Off</span> <span class="nb">AuthzLDAPAuthoritative</span> <span class="k">Off</span> <span class="nb">AuthzDBMAuthoritative</span> <span class="k">Off</span> <span class="nb">AuthzDefaultAuthoritative</span> <span class="k">Off</span> <span class="nb">AuthzGroupFileAuthoritative</span> <span class="k">Off</span> <span class="nb">AuthzOwnerAuthoritative</span> <span class="k">Off</span> <span class="nb">AuthzUserAuthoritative</span> <span class="k">Off</span> </pre></div> </div> <p>A complete configuration, with differences between Apache 2.0 and Apache 2.2 marked in bold, would look something like:</p> <pre class="last literal-block"> <strong>LoadModule auth_basic_module modules/mod_auth_basic.so</strong> <strong>LoadModule authz_user_module modules/mod_authz_user.so</strong> ... <Location /example/> AuthType Basic AuthName "example.com" <strong>AuthUserFile /dev/null</strong> <strong>AuthBasicAuthoritative Off</strong> Require valid-user SetEnv DJANGO_SETTINGS_MODULE mysite.settings PythonAuthenHandler django.contrib.auth.handlers.modpython </Location> </pre> </div> <p>By default, the authentication handler will limit access to the <tt class="docutils literal"><span class="pre">/example/</span></tt> location to users marked as staff members. You can use a set of <tt class="docutils literal"><span class="pre">PythonOption</span></tt> directives to modify this behavior:</p> <table class="docutils"> <colgroup> <col width="44%" /> <col width="56%" /> </colgroup> <thead valign="bottom"> <tr class="row-odd"><th class="head"><tt class="docutils literal"><span class="pre">PythonOption</span></tt></th> <th class="head">Explanation</th> </tr> </thead> <tbody valign="top"> <tr class="row-even"><td><tt class="docutils literal"><span class="pre">DjangoRequireStaffStatus</span></tt></td> <td><p class="first">If set to <tt class="docutils literal"><span class="pre">on</span></tt> only “staff” users (i.e. those with the <tt class="docutils literal"><span class="pre">is_staff</span></tt> flag set) will be allowed.</p> <p class="last">Defaults to <tt class="docutils literal"><span class="pre">on</span></tt>.</p> </td> </tr> <tr class="row-odd"><td><tt class="docutils literal"><span class="pre">DjangoRequireSuperuserStatus</span></tt></td> <td><p class="first">If set to <tt class="docutils literal"><span class="pre">on</span></tt> only superusers (i.e. those with the <tt class="docutils literal"><span class="pre">is_superuser</span></tt> flag set) will be allowed.</p> <p class="last">Defaults to <tt class="docutils literal"><span class="pre">off</span></tt>.</p> </td> </tr> <tr class="row-even"><td><tt class="docutils literal"><span class="pre">DjangoPermissionName</span></tt></td> <td><p class="first">The name of a permission to require for access. See <a class="reference internal" href="../topics/auth.html#custom-permissions"><em>custom permissions</em></a> for more information.</p> <p class="last">By default no specific permission will be required.</p> </td> </tr> </tbody> </table> <p>Note that sometimes <tt class="docutils literal"><span class="pre">SetEnv</span></tt> doesn’t play well in this mod_python configuration, for reasons unknown. If you’re having problems getting mod_python to recognize your <tt class="docutils literal"><span class="pre">DJANGO_SETTINGS_MODULE</span></tt>, you can set it using <tt class="docutils literal"><span class="pre">PythonOption</span></tt> instead of <tt class="docutils literal"><span class="pre">SetEnv</span></tt>. Therefore, these two Apache directives are equivalent:</p> <div class="highlight-python"><pre>SetEnv DJANGO_SETTINGS_MODULE mysite.settings PythonOption DJANGO_SETTINGS_MODULE mysite.settings</pre> </div> </div> </div> </div> </div> </div> <div class="yui-b" id="sidebar"> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="../contents.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">Authenticating against Django’s user database from Apache</a><ul> <li><a class="reference internal" href="#configuring-apache">Configuring Apache</a></li> </ul> </li> </ul> <h3>Browse</h3> <ul> <li>Prev: <a href="index.html">“How-to” guides</a></li> <li>Next: <a href="auth-remote-user.html">Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt></a></li> </ul> <h3>You are here:</h3> <ul> <li> <a href="../index.html">Django 1.4.18 documentation</a> <ul><li><a href="index.html">“How-to” guides</a> <ul><li>Authenticating against Django’s user database from Apache</li></ul> </li></ul> </li> </ul> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../_sources/howto/apache-auth.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. </p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <h3>Last update:</h3> <p class="topless">Jan 15, 2015</p> </div> </div> <div id="ft"> <div class="nav"> « <a href="index.html" title="&#8220;How-to&#8221; guides">previous</a> | <a href="index.html" title="&#8220;How-to&#8221; guides" accesskey="U">up</a> | <a href="auth-remote-user.html" title="Authentication using <tt class="docutils literal"><span class="pre">REMOTE_USER</span></tt>">next</a> »</div> </div> </div> <div class="clearer"></div> </div> </body> </html>