X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2Fjaas-ipa.cfg;h=1d43afd9af8fe59b87f33b0f46cbc3b0035f1c25;hb=7954fac52a6e7db11d9240cfbea85017c5612f19;hp=550de107484ebc3764b125889ac6a61247832efe;hpb=3714331f776988facff3632d86ad3f6d6352220c;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
index 550de1074..1d43afd9a 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
@@ -1,21 +1,29 @@
 USER {
     org.argeo.cms.auth.HttpSessionLoginModule sufficient;
     org.argeo.cms.auth.SpnegoLoginModule optional;
-    com.sun.security.auth.module.Krb5LoginModule optional;
-    org.argeo.cms.auth.IpaLoginModule requisite;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
+};
+
+ANONYMOUS {
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
 };
 
 DATA_ADMIN {
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
+    org.argeo.node.DataAdminLoginModule requisite;
 };
 
 NODE {
     com.sun.security.auth.module.Krb5LoginModule optional
      keyTab="${osgi.instance.area}node/krb5.keytab" 
      useKeyTab=true
-     storeKey=true
-     debug=true;
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
+     storeKey=true;
+    org.argeo.node.DataAdminLoginModule requisite;
+};
+
+KEYRING {
+    org.argeo.cms.auth.KeyringLoginModule required;
 };
 
 SINGLE_USER {
@@ -27,11 +35,6 @@ SINGLE_USER {
     org.argeo.cms.auth.SingleUserLoginModule requisite;
 };
 
-KEYRING {
-    org.argeo.cms.auth.KeyringLoginModule required;
-};
-
 Jackrabbit {
    org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
 };
-