We are looking at the same text, but reading it very differently: "and subsequent LoginModules also try to use it. If authentication fails"
I read it as subsequent LoginModules try to authenticate using the password already supplied (because the next sentence is 'If authentication fails'). It looks like the default JBoss LoginModules check useFirstPass, and then if it exists and a cached password exists, don't authenticate at all and just return true. To put it another way, any 'subsequent LoginModule' that is a JBoss implementation will never have authentication fail (if useFirstPass=true and there is a cached password), and so will never perform the second part of the useFirstPass=true specification: "If authentication fails, the LoginModules prompt for a new password and retry the authentication."

View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3858564#3858564
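The two readings discussed in this post, side by side, as an added example that is not part of the original post and is not JBoss or JDK source. The class, the methods and the second module's credential store are hypothetical; only the two shared-state keys are the standard JAAS ones. It shows that under the second reading the later module's own store is never consulted once an earlier module has cached an identity.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of a second, stacked LoginModule (hypothetical names throughout).
public class UseFirstPassDemo {
    static final String NAME_KEY = "javax.security.auth.login.name";
    static final String PWD_KEY = "javax.security.auth.login.password";

    // Constructed credential store that belongs to the second module only.
    static final Map<String, String> SECOND_STORE = Map.of("alice", "s3cond-store-pw");

    static boolean validate(String user, char[] pw) {
        if (user == null || pw == null) return false;
        return new String(pw).equals(SECOND_STORE.get(user));
    }

    // Reading 1: reuse the cached password but still check it against this
    // module's store; if that fails, prompt again and retry.
    static boolean loginValidating(Map<String, Object> shared, char[] prompted) {
        String user = (String) shared.get(NAME_KEY);
        if (validate(user, (char[]) shared.get(PWD_KEY))) return true;
        return validate(user, prompted); // stands in for a CallbackHandler prompt
    }

    // Reading 2 (the behaviour the post describes): a cached identity is
    // accepted as-is, so this module never authenticates and never retries.
    static boolean loginTrustingCache(Map<String, Object> shared, char[] prompted) {
        if (shared.get(NAME_KEY) != null && shared.get(PWD_KEY) != null) return true;
        return validate((String) shared.get(NAME_KEY), prompted);
    }

    public static void main(String[] args) {
        // Constructed shared state, as left by a first module that accepted
        // "alice" with a password the second store does not know.
        Map<String, Object> shared = new HashMap<>();
        shared.put(NAME_KEY, "alice");
        shared.put(PWD_KEY, "first-store-pw".toCharArray());

        char[] badRetry = "guess".toCharArray();
        char[] goodRetry = "s3cond-store-pw".toCharArray();
        System.out.println("validating, bad retry:  " + loginValidating(shared, badRetry));
        System.out.println("validating, good retry: " + loginValidating(shared, goodRetry));
        System.out.println("trusting cache:         " + loginTrustingCache(shared, badRetry));
    }
}
```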