1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

Added mod_python authentication handler and document on authenticating against Django's auth database from Apache

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1495 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jacob Kaplan-Moss
2005-11-29 18:26:07 +00:00
parent e1b107b192
commit ae76186a4f
2 changed files with 105 additions and 0 deletions

62
docs/apache_auth.txt Normal file
View File

@@ -0,0 +1,62 @@
=========================================================
Authenticating against Django's user database from Apache
=========================================================
Since keeping multiple authentication databases in sync is a common problem when
dealing with Apache, you can configuring Apache to authenticate against Django's
`authentication system`_ directly. For example, you could:
* Serve media files directly from Apache only to authenticated users.
* Authenticate access to a Subversion_ repository against Django users with
a certain permission.
* Allow certain users to connect to a WebDAV share created with mod_dav_.
Configuring Apache
==================
To check against Django's authorization database from a Apache configuration
file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along
with the standard ``Auth*`` and ``Require`` directives::
<Location /example/>
AuthType basic
AuthName "example.com"
Require valid-user
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonAuthenHandler django.core.handlers.modpython
</Location>
By default, the authentication handler will limit access to the ``/example/``
location to users marked as staff members. You can use a set of
``PythonOption`` directives to modify this behavior::
================================ =========================================
``PythonOption`` Explanation
================================ =========================================
``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e.
those with the ``is_staff`` flag set)
will be allowed.
Defaults to ``on``.
``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e.
those with the ``is_superuser`` flag set)
will be allowed.
Defaults to ``off``.
``DjangoPermissionName`` The name of a permission to require for
access. See `custom permissions`_ for
more information.
By default no specific permission will be
required.
================================ =========================================
.. _authentication system: http://www.djangoproject.com/documentation/authentication/
.. _Subversion: http://subversion.tigris.org/
.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
.. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions