1 files changed, 120 insertions, 0 deletions
diff --git a/parts/django/docs/howto/apache-auth.txt b/parts/django/docs/howto/apache-auth.txt
new file mode 100644
index 0000000..2ebae0b
--- /dev/null
+++ b/parts/django/docs/howto/apache-auth.txt
@@ -0,0 +1,120 @@
+=========================================================
+Authenticating against Django's user database from Apache
+=========================================================
+
+Since keeping multiple authentication databases in sync is a common problem when
+dealing with Apache, you can configuring Apache to authenticate against Django's
+:doc:`authentication system </topics/auth>` directly. For example, you
+could:
+
+    * Serve static/media files directly from Apache only to authenticated users.
+
+    * Authenticate access to a Subversion_ repository against Django users with
+      a certain permission.
+
+    * Allow certain users to connect to a WebDAV share created with mod_dav_.
+
+.. _Subversion: http://subversion.tigris.org/
+.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
+
+Configuring Apache
+==================
+
+To check against Django's authorization database from a Apache configuration
+file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along
+with the standard ``Auth*`` and ``Require`` directives:
+
+.. code-block:: apache
+
+    <Location /example/>
+        AuthType Basic
+        AuthName "example.com"
+        Require valid-user
+
+        SetEnv DJANGO_SETTINGS_MODULE mysite.settings
+        PythonAuthenHandler django.contrib.auth.handlers.modpython
+    </Location>
+
+.. admonition:: Using the authentication handler with Apache 2.2
+
+    If you're using Apache 2.2, you'll need to take a couple extra steps.
+
+    You'll need to ensure that ``mod_auth_basic`` and ``mod_authz_user``
+    are loaded. These might be compiled statically into Apache, or you might
+    need to use ``LoadModule`` to load them dynamically (as shown in the
+    example at the bottom of this note).
+
+    You'll also need to insert configuration directives that prevent Apache
+    from trying to use other authentication modules, as well as specifying
+    the ``AuthUserFile`` directive and pointing it to ``/dev/null``. Depending
+    on which other authentication modules you have loaded, you might need one
+    or more of the following directives:
+
+    .. code-block:: apache
+
+        AuthBasicAuthoritative Off
+        AuthDefaultAuthoritative Off
+        AuthzLDAPAuthoritative Off
+        AuthzDBMAuthoritative Off
+        AuthzDefaultAuthoritative Off
+        AuthzGroupFileAuthoritative Off
+        AuthzOwnerAuthoritative Off
+        AuthzUserAuthoritative Off
+
+    A complete configuration, with differences between Apache 2.0 and
+    Apache 2.2 marked in bold, would look something like:
+
+    .. parsed-literal::
+
+        **LoadModule auth_basic_module modules/mod_auth_basic.so**
+        **LoadModule authz_user_module modules/mod_authz_user.so**
+
+        ...
+
+        <Location /example/>
+            AuthType Basic
+            AuthName "example.com"
+            **AuthUserFile /dev/null**
+            **AuthBasicAuthoritative Off**
+            Require valid-user
+
+            SetEnv DJANGO_SETTINGS_MODULE mysite.settings
+            PythonAuthenHandler django.contrib.auth.handlers.modpython
+        </Location>
+
+By default, the authentication handler will limit access to the ``/example/``
+location to users marked as staff members.  You can use a set of
+``PythonOption`` directives to modify this behavior:
+
+    ================================  =========================================
+    ``PythonOption``                  Explanation
+    ================================  =========================================
+    ``DjangoRequireStaffStatus``      If set to ``on`` only "staff" users (i.e.
+                                      those with the ``is_staff`` flag set)
+                                      will be allowed.
+
+                                      Defaults to ``on``.
+
+    ``DjangoRequireSuperuserStatus``  If set to ``on`` only superusers (i.e.
+                                      those with the ``is_superuser`` flag set)
+                                      will be allowed.
+
+                                      Defaults to ``off``.
+
+    ``DjangoPermissionName``          The name of a permission to require for
+                                      access. See :ref:`custom permissions
+                                      <custom-permissions>` for more
+                                      information.
+
+                                      By default no specific permission will be
+                                      required.
+    ================================  =========================================
+
+Note that sometimes ``SetEnv`` doesn't play well in this mod_python
+configuration, for reasons unknown. If you're having problems getting
+mod_python to recognize your ``DJANGO_SETTINGS_MODULE``, you can set it using
+``PythonOption`` instead of ``SetEnv``. Therefore, these two Apache directives
+are equivalent::
+
+    SetEnv DJANGO_SETTINGS_MODULE mysite.settings
+    PythonOption DJANGO_SETTINGS_MODULE mysite.settings