X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2Fjaas-ipa.cfg;h=52bf4c37567456048d55a19d441dd27d21ae6d09;hb=5f71a84cb6ad1383c97f16a1aa6fd63f9464509a;hp=690bfc198c258c9bc0b6f7ad203f06c9dfba301a;hpb=76a7e65ffa515c0dbd7a5587b29ffc9bba449542;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
index 690bfc198..52bf4c375 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
@@ -1,17 +1,30 @@
 USER {
     org.argeo.cms.auth.HttpSessionLoginModule sufficient;
-    com.sun.security.auth.module.Krb5LoginModule optional clearPass=true;
+    org.argeo.cms.auth.SpnegoLoginModule optional;
+    com.sun.security.auth.module.Krb5LoginModule optional;
     org.argeo.cms.auth.IpaLoginModule requisite;
 };
 
-ANONYMOUS {
-    org.argeo.cms.auth.UserAdminLoginModule requisite anonymous=true;
+DATA_ADMIN {
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
-DATA_ADMIN {
+NODE {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     useKeyTab=true
+     storeKey=true
+     debug=true;
     org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
+SINGLE_USER {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     storeKey=true
+     debug=true;
+    org.argeo.cms.auth.SingleUserLoginModule requisite;
+};
+
 KEYRING {
     org.argeo.cms.auth.KeyringLoginModule required;
 };
@@ -19,3 +32,4 @@ KEYRING {
 Jackrabbit {
    org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
 };
+