django1/docs/howto/apache-auth.txt

46 lines
1.8 KiB
Plaintext

=========================================================
Authenticating against Django's user database from Apache
=========================================================
Since keeping multiple authentication databases in sync is a common problem when
dealing with Apache, you can configuring Apache to authenticate against Django's
:doc:`authentication system </topics/auth>` directly. This requires Apache
version >= 2.2 and mod_wsgi >= 2.0. For example, you could:
* Serve static/media files directly from Apache only to authenticated users.
* Authenticate access to a Subversion_ repository against Django users with
a certain permission.
* Allow certain users to connect to a WebDAV share created with mod_dav_.
.. _Subversion: http://subversion.tigris.org/
.. _mod_dav: http://httpd.apache.org/docs/2.2/mod/mod_dav.html
Configuring Apache
==================
To check against Django's authorization database from a Apache configuration
file, you'll need to set 'wsgi' as the value of ``AuthBasicProvider`` or
``AuthDigestProvider`` directive and then use the ``WSGIAuthUserScript``
directive to set the path to your authentification script:
.. code-block:: apache
<Location /example/>
AuthType Basic
AuthName "example.com"
AuthBasicProvider wsgi
WSGIAuthUserScript /usr/local/wsgi/scripts/auth.wsgi
Require valid-user
</Location>
Your auth.wsgi script will have to implement either a
``check_password(environ, user, password)`` function (for ``AuthBasicProvider``)
or a ``get_realm_hash(environ, user, realm)`` function (for ``AuthDigestProvider``).
See the `mod_wsgi documentation`_ for more details about the implementation
of such a solution.
.. _mod_wsgi documentation: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms#Apache_Authentication_Provider