I think there's a typo in line 109 of org.apache.openejb.core.security.jaas.PropertiesLoginModule
...
String password = users.getProperty(user);
...
if (password == null) throw new FailedLoginException("User does exist");
...
I'm pretty sure it should say "User does not exist"...
I'd be happy to file a Jira if that's appropriate.
