Rename remote auth interfaces

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / jaas-ipa.cfg

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
index 38fe3705f26b2f4c4b942dd47d9b1adf50f2a733..cf16719bd0c3470b96c5f60e798b284cb56bd6b7 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
@@ -1,12 +1,17 @@
 USER {
-    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.RemoteSessionLoginModule sufficient;
     org.argeo.cms.auth.SpnegoLoginModule optional;
-    com.sun.security.auth.module.Krb5LoginModule optional;
-    org.argeo.cms.auth.IpaLoginModule requisite;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
+};
+
+ANONYMOUS {
+    org.argeo.cms.auth.RemoteSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
 };
 
 DATA_ADMIN {
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
+    org.argeo.api.DataAdminLoginModule requisite;
 };
 
 NODE {
@@ -14,21 +19,22 @@ NODE {
      keyTab="${osgi.instance.area}node/krb5.keytab" 
      useKeyTab=true
      storeKey=true;
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
+    org.argeo.api.DataAdminLoginModule requisite;
+};
+
+KEYRING {
+    org.argeo.cms.auth.KeyringLoginModule required;
 };
 
 SINGLE_USER {
     com.sun.security.auth.module.Krb5LoginModule optional
+     principal="${user.name}"
      storeKey=true
+     useTicketCache=true
      debug=true;
     org.argeo.cms.auth.SingleUserLoginModule requisite;
 };
 
-KEYRING {
-    org.argeo.cms.auth.KeyringLoginModule required;
-};
-
 Jackrabbit {
    org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
 };
-