In a multi-realm authentication (PAM) scenarios, Shiro's default has always been to employ an AllSuccessful authentication strategy, meaning every single realm that is configured must process an AuthenticationToken successfully for the overall login attempt to be considered successful.
In the majority of apps I've encountered, this is rarely the desired strategy. People usually want to try multiple realms, and, if at least one is successful, then consider the attempt successful. By the number of questions on the Grails user list related to enabling this strategy, it seems to confirm my beliefs. I'd like to change the default strategy to be AtLeastOneSuccessful strategy, which would enable this behavior as the default moving forward. Any objections to me changing this? Thanks, Les
