X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2Fjaas-ipa.cfg;h=0ef142f4aed07132db1d29a7145a1df5b5ede851;hb=e75cf778a87f1b2ef7cfc57339ccbf9657282e92;hp=c7c804c649ef13b561e57d3611301c9f9c07faaf;hpb=f4da6777015da3fc392138f0c01cea2f2add9ed3;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg b/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg
index c7c804c64..0ef142f4a 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/jaas-ipa.cfg
@@ -1,8 +1,10 @@
 USER {
     org.argeo.cms.auth.RemoteSessionLoginModule sufficient;
     org.argeo.cms.auth.SpnegoLoginModule optional;
-    com.sun.security.auth.module.Krb5LoginModule optional tryFirstPass=true;
-    org.argeo.cms.auth.UserAdminLoginModule sufficient;
+    com.sun.security.auth.module.Krb5LoginModule optional
+     tryFirstPass=true
+     storeKey=true;
+    org.argeo.cms.auth.UserAdminLoginModule required;
 };
 
 ANONYMOUS {
@@ -16,7 +18,7 @@ DATA_ADMIN {
 
 NODE {
     com.sun.security.auth.module.Krb5LoginModule optional
-     keyTab="${osgi.instance.area}node/krb5.keytab" 
+     keyTab="${osgi.instance.area}private/krb5.keytab" 
      useKeyTab=true
      storeKey=true;
     org.argeo.cms.auth.DataAdminLoginModule requisite;
@@ -28,11 +30,10 @@ KEYRING {
 
 SINGLE_USER {
     com.sun.security.auth.module.Krb5LoginModule optional
-     principal="${user.name}"
      storeKey=true
-     useTicketCache=true
-     debug=true;
-    org.argeo.cms.auth.SingleUserLoginModule requisite;
+     useTicketCache=true;
+    org.argeo.cms.auth.SingleUserLoginModule required;
+    org.argeo.cms.auth.UserAdminLoginModule optional;
 };
 
 Jackrabbit {