46 lines
1.8 KiB
Plaintext
46 lines
1.8 KiB
Plaintext
=========================================================
|
|
Authenticating against Django's user database from Apache
|
|
=========================================================
|
|
|
|
Since keeping multiple authentication databases in sync is a common problem when
|
|
dealing with Apache, you can configuring Apache to authenticate against Django's
|
|
:doc:`authentication system </topics/auth>` directly. This requires Apache
|
|
version >= 2.2 and mod_wsgi >= 2.0. For example, you could:
|
|
|
|
* Serve static/media files directly from Apache only to authenticated users.
|
|
|
|
* Authenticate access to a Subversion_ repository against Django users with
|
|
a certain permission.
|
|
|
|
* Allow certain users to connect to a WebDAV share created with mod_dav_.
|
|
|
|
.. _Subversion: http://subversion.tigris.org/
|
|
.. _mod_dav: http://httpd.apache.org/docs/2.2/mod/mod_dav.html
|
|
|
|
Configuring Apache
|
|
==================
|
|
|
|
To check against Django's authorization database from a Apache configuration
|
|
file, you'll need to set 'wsgi' as the value of ``AuthBasicProvider`` or
|
|
``AuthDigestProvider`` directive and then use the ``WSGIAuthUserScript``
|
|
directive to set the path to your authentification script:
|
|
|
|
.. code-block:: apache
|
|
|
|
<Location /example/>
|
|
AuthType Basic
|
|
AuthName "example.com"
|
|
AuthBasicProvider wsgi
|
|
WSGIAuthUserScript /usr/local/wsgi/scripts/auth.wsgi
|
|
Require valid-user
|
|
</Location>
|
|
|
|
Your auth.wsgi script will have to implement either a
|
|
``check_password(environ, user, password)`` function (for ``AuthBasicProvider``)
|
|
or a ``get_realm_hash(environ, user, realm)`` function (for ``AuthDigestProvider``).
|
|
|
|
See the `mod_wsgi documentation`_ for more details about the implementation
|
|
of such a solution.
|
|
|
|
.. _mod_wsgi documentation: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms#Apache_Authentication_Provider
|