X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2Fjaas-ipa.cfg;h=c7c804c649ef13b561e57d3611301c9f9c07faaf;hb=549ff25baf9371d910065303e22daf49321b517a;hp=33c556f57cbe411e3cc604d1807ab5135e74311b;hpb=a2ad417ed1d0219ac29d70ae985939764c13ce38;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
index 33c556f57..c7c804c64 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas-ipa.cfg
@@ -1,20 +1,40 @@
 USER {
-    com.sun.security.auth.module.Krb5LoginModule required clearPass=true;
-    org.argeo.cms.auth.IpaLoginModule requisite;
+    org.argeo.cms.auth.RemoteSessionLoginModule sufficient;
+    org.argeo.cms.auth.SpnegoLoginModule optional;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
 };
 
 ANONYMOUS {
-    org.argeo.cms.auth.UserAdminLoginModule requisite anonymous=true;
+    org.argeo.cms.auth.RemoteSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
 };
 
 DATA_ADMIN {
     org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
+NODE {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     useKeyTab=true
+     storeKey=true;
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
+};
+
 KEYRING {
     org.argeo.cms.auth.KeyringLoginModule required;
 };
 
+SINGLE_USER {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     principal="${user.name}"
+     storeKey=true
+     useTicketCache=true
+     debug=true;
+    org.argeo.cms.auth.SingleUserLoginModule requisite;
+};
+
 Jackrabbit {
    org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
 };