I only managed to log in to Jetspeed-2's login portlet (running on JBoss!) by adding the users and passwords from the HSQLDB database to the users.properties (I also added the roles to the roles.properties) used by JBoss' default login module (org.jboss.security.auth.spi.UsersRolesLoginModule) - this (I assume) would be the equivalent of the tomcat-users.xml.

The first question is: Why is this used rather than the org.apache.jetspeed.security.impl.DefaultLoginModule from login.conf? Is it because I haven't got the "Jetspeed" realm defined?

Secondly, it seems that when I log in, it's first validating against the file (using the web container) and then afterwards checking against the database. Am I understanding this correctly/is this how it's supposed to work? Can someone shed some light on the design/intentions?

Also, every time I log in, it sets the updateRequired attribute of the credential to true and forces me to change the password. This in turn screws up authentication because then the password does not match the one in the file anymore.

Any help or explanation/clarification much appreciated!
Regards,
Tom