X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2Fjaas.cfg;h=018c1bf9ca947f1376b045e9e94484fda498376e;hb=6338d85d3f970dd0eb8845693ddad90a93b99d03;hp=83d36d927695cb9a7b7226e6eddcd39ee0043da8;hpb=cf53e939cabed54ee2a3074afcf22417fbdf364d;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
index 83d36d927..018c1bf9c 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
@@ -1,6 +1,13 @@
 USER {
     org.argeo.cms.auth.HttpSessionLoginModule sufficient;
-    org.argeo.cms.auth.UserAdminLoginModule requisite;
+    org.argeo.cms.auth.SpnegoLoginModule optional;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
+};
+
+ANONYMOUS {
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
 };
 
 DATA_ADMIN {
@@ -8,6 +15,10 @@ DATA_ADMIN {
 };
 
 NODE {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     useKeyTab=true
+     storeKey=true;
     org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
@@ -16,7 +27,11 @@ KEYRING {
 };
 
 SINGLE_USER {
-    com.sun.security.auth.module.UnixLoginModule requisite;
+    com.sun.security.auth.module.Krb5LoginModule optional
+     principal="${user.name}"
+     storeKey=true
+     useTicketCache=true
+     debug=true;
     org.argeo.cms.auth.SingleUserLoginModule requisite;
 };