Improve remote authentication

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / runtime / jaas-ipa.cfg

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg
index d0928aac0ff1482953ead65fedbf61b628b71239..51db582c69c091bdd7aa79036ff21005b0a9c7e8 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg
@@ -1,8 +1,10 @@
 USER {
     org.argeo.cms.auth.RemoteSessionLoginModule sufficient;
     org.argeo.cms.auth.SpnegoLoginModule optional;
-    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
-    org.argeo.cms.auth.UserAdminLoginModule sufficient;
+    com.sun.security.auth.module.Krb5LoginModule optional
+     tryFirstPass=true
+     storeKey=true;
+    org.argeo.cms.auth.UserAdminLoginModule required;
 };
 
 ANONYMOUS {
@@ -16,7 +18,7 @@ DATA_ADMIN {
 
 NODE {
     com.sun.security.auth.module.Krb5LoginModule optional
-     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     keyTab="${osgi.instance.area}private/krb5.keytab" 
      useKeyTab=true
      storeKey=true;
     org.argeo.cms.auth.DataAdminLoginModule requisite;