thanks for the reply, but taking out the principal and credentials from the auth.conf file didn't change the outcome. when I hit a protected url, I'm prompted for the username and password, and if I input my username with a null password, it still let's me in.
checking the jboss logs, i get this information when i first hit the url : [DEBUG,LdapLoginModule] Bad password for username=null which seems to mean that first it tries to access the resource as an anonymous user, then if that fails, i'm prompted with the dialog box. using the jboss 2.4.4 documentation, page 261 says that the java.naming.security.principal and java.naming.security.credentials properties are allowed for authenticating the caller to the service. i thought this was required if you're not allowing anonymous queries and needed to bind as a user in order to authenticate with the desired username. any other ideas on why this could be happening? -----Original Message----- From: Scott M Stark [mailto:[EMAIL PROTECTED]] Sent: Friday, May 24, 2002 11:58 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] LdapLoginModule null password Because you are supplying the credentials to use in the configuration. Neither > java.naming.security.principal="cn=admin,dc=mybpc,dc=net" > java.naming.security.credentials="xxxxxx" should be in the configuration. These are generated based on the caller principal and credentials, but if you sepecify them and then do not provide this info you have defined a default login for everyone. Where in the docs does it say to include these? xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user