X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2Fjaas.cfg;h=b5a32193d8b25f78ef7475e0a5cab7d216d62753;hb=cb4261f3f607cc03cbcbc0b4e1da9bde58c0e67d;hp=c8033b1bd7bf070ef605d17ee48005beb47f2288;hpb=998f2785e9571572c21117da28fbd1d681cc33a4;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
index c8033b1bd..b5a32193d 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
@@ -1,24 +1,41 @@
 USER {
-    org.argeo.cms.internal.auth.EndUserLoginModule requisite;
-    org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite;
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.SpnegoLoginModule optional;
+    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
 };
 
 ANONYMOUS {
-    org.argeo.cms.internal.auth.AnonymousLoginModule requisite;
-    org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite;
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
 };
 
-SYSTEM {
-    org.argeo.cms.internal.auth.SystemLoginModule requisite;
-    org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite;
+DATA_ADMIN {
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
+};
+
+NODE {
+    com.sun.security.auth.module.Krb5LoginModule optional
+     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     useKeyTab=true
+     storeKey=true
+     debug=true;
+    org.argeo.cms.auth.DataAdminLoginModule requisite;
 };
 
 KEYRING {
-    org.argeo.security.crypto.KeyringLoginModule required;
+    org.argeo.cms.auth.KeyringLoginModule required;
 };
 
 SINGLE_USER {
-    com.sun.security.auth.module.UnixLoginModule requisite;
-    org.argeo.cms.internal.auth.SingleUserLoginModule requisite;
-    org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite;
+    com.sun.security.auth.module.Krb5LoginModule optional
+     principal="${user.name}"
+     storeKey=true
+     useTicketCache=true
+     debug=true;
+    org.argeo.cms.auth.SingleUserLoginModule requisite;
+};
+
+Jackrabbit {
+   org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite;
 };