=========================================================
Authenticating against Django's user database from Apache
=========================================================

Since keeping multiple authentication databases in sync is a common problem when
dealing with Apache, you can configuring Apache to authenticate against Django's
:doc:`authentication system </topics/auth>` directly. This requires Apache
version >= 2.2 and mod_wsgi >= 2.0. For example, you could:

* Serve static/media files directly from Apache only to authenticated users.

* Authenticate access to a Subversion_ repository against Django users with
  a certain permission.

* Allow certain users to connect to a WebDAV share created with mod_dav_.

.. _Subversion: http://subversion.tigris.org/
.. _mod_dav: http://httpd.apache.org/docs/2.2/mod/mod_dav.html

Configuring Apache
==================

To check against Django's authorization database from a Apache configuration
file, you'll need to set 'wsgi' as the value of ``AuthBasicProvider`` or
``AuthDigestProvider`` directive and then use the ``WSGIAuthUserScript``
directive to set the path to your authentification script:

.. code-block:: apache

    <Location /example/>
        AuthType Basic
        AuthName "example.com"
        AuthBasicProvider wsgi
        WSGIAuthUserScript /usr/local/wsgi/scripts/auth.wsgi
        Require valid-user
    </Location>

Your auth.wsgi script will have to implement either a
``check_password(environ, user, password)`` function (for ``AuthBasicProvider``)
or a ``get_realm_hash(environ, user, realm)`` function (for ``AuthDigestProvider``).

See the `mod_wsgi documentation`_ for more details about the implementation
of such a solution.

.. _mod_wsgi documentation: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms#Apache_Authentication_Provider