USER {
- org.argeo.cms.auth.HttpLoginModule requisite;
- org.argeo.cms.auth.UserAdminLoginModule requisite;
- org.argeo.cms.auth.NodeUserLoginModule requisite;
+ org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+ org.argeo.cms.auth.SpnegoLoginModule optional;
+ com.sun.security.auth.module.Krb5LoginModule optional;
+ org.argeo.cms.auth.UserAdminLoginModule sufficient;
};
-ANONYMOUS {
- org.argeo.cms.auth.UserAdminLoginModule requisite anonymous=true;
- org.argeo.cms.auth.NodeUserLoginModule requisite;
+DATA_ADMIN {
+ org.argeo.cms.auth.DataAdminLoginModule requisite;
};
-SYSTEM {
- org.argeo.security.core.SystemLoginModule requisite;
-};
-
-KERNEL {
- org.argeo.cms.internal.auth.KernelLoginModule requisite;
-};
-
-HARDENED_KERNEL {
- com.sun.security.auth.module.UnixLoginModule requisite;
- com.sun.security.auth.module.KeyStoreLoginModule requisite keyStoreURL="${osgi.instance.area}/node.p12" keyStoreType=PKCS12;
- org.argeo.cms.internal.auth.KernelLoginModule requisite;
+NODE {
+ com.sun.security.auth.module.Krb5LoginModule optional
+ keyTab="${osgi.instance.area}node/krb5.keytab"
+ useKeyTab=true
+ storeKey=true
+ debug=true;
+ org.argeo.cms.auth.DataAdminLoginModule requisite;
};
KEYRING {
- org.argeo.util.security.KeyringLoginModule required;
+ org.argeo.cms.auth.KeyringLoginModule required;
};
SINGLE_USER {
- com.sun.security.auth.module.UnixLoginModule requisite;
+ com.sun.security.auth.module.Krb5LoginModule optional
+ principal="${user.name}"
+ storeKey=true
+ useTicketCache=true
+ debug=true;
org.argeo.cms.auth.SingleUserLoginModule requisite;
};