Kerberos try shared password
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / jaas.cfg
index 269c9112ba058c852a221bda7d80f387949f3f61..b5a32193d8b25f78ef7475e0a5cab7d216d62753 100644 (file)
@@ -1,38 +1,38 @@
 USER {
-    org.argeo.cms.auth.HttpLoginModule requisite;
-    org.argeo.cms.auth.UserAdminLoginModule requisite;
-    org.argeo.cms.auth.NodeUserLoginModule requisite;
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.SpnegoLoginModule optional;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
 };
 
 ANONYMOUS {
-    org.argeo.cms.auth.UserAdminLoginModule requisite anonymous=true;
-    org.argeo.cms.auth.NodeUserLoginModule requisite;
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
 };
 
 DATA_ADMIN {
     org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
-SYSTEM {
+NODE {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     useKeyTab=true
+     storeKey=true
+     debug=true;
     org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
-KERNEL {
-    org.argeo.cms.internal.auth.KernelLoginModule requisite;
-};
-
-HARDENED_KERNEL {
-    com.sun.security.auth.module.UnixLoginModule requisite;
-    com.sun.security.auth.module.KeyStoreLoginModule requisite keyStoreURL="${osgi.instance.area}/node.p12" keyStoreType=PKCS12;
-    org.argeo.cms.internal.auth.KernelLoginModule requisite;
-};
-
 KEYRING {
     org.argeo.cms.auth.KeyringLoginModule required;
 };
 
 SINGLE_USER {
-    com.sun.security.auth.module.UnixLoginModule requisite;
+    com.sun.security.auth.module.Krb5LoginModule optional
+     principal="${user.name}"
+     storeKey=true
+     useTicketCache=true
+     debug=true;
     org.argeo.cms.auth.SingleUserLoginModule requisite;
 };
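Review bot: In the new USER stack no entry is `required` or `requisite`, so under JAAS control-flag semantics the overall login succeeds as soon as any one `sufficient` or `optional` module succeeds; a successful `SpnegoLoginModule` or `Krb5LoginModule` therefore authenticates the subject even when `UserAdminLoginModule` fails after it. If a Kerberos principal must also be known to the user admin, that last entry should not be `sufficient`; if the fall-through is intended, a comment such as `// Kerberos/SPNEGO success alone is enough to log in` above it would record the decision (what the subject ends up holding depends on the modules' commit(), which is not visible here). Separately, the `Krb5LoginModule` entries in NODE and SINGLE_USER ship with `debug=true`, which makes the module write its configuration and principal details to standard output on each login; I would drop that option from the default file and enable it only while troubleshooting. The NODE `keyTab` value also joins `${osgi.instance.area}` and `node/krb5.keytab` without a separator, unlike the removed `keyStoreURL`, so it relies on the property ending in `/`, and the keytab it points to should be readable only by the account running the node.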