Kerberos try shared password

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / jaas.cfg

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
index 110d0e14372aedc99ecbd3f0160c3d6d254a5fff..b5a32193d8b25f78ef7475e0a5cab7d216d62753 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
@@ -1,8 +1,41 @@
-SPRING_SECURITY_CONTEXT {
-    org.argeo.security.core.SpringLoginModule required;
-    org.springframework.security.authentication.jaas.SecurityContextLoginModule required;
+USER {
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.SpnegoLoginModule optional;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
+};
+
+ANONYMOUS {
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
+};
+
+DATA_ADMIN {
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
+};
+
+NODE {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     useKeyTab=true
+     storeKey=true
+     debug=true;
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
 KEYRING {
-    org.argeo.security.crypto.KeyringLoginModule required;
+    org.argeo.cms.auth.KeyringLoginModule required;
+};
+
+SINGLE_USER {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     principal="${user.name}"
+     storeKey=true
+     useTicketCache=true
+     debug=true;
+    org.argeo.cms.auth.SingleUserLoginModule requisite;
+};
+
+Jackrabbit {
+   org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
 };