I just stumbled upon the anonymous user and that is virtually impossible to delete it, as it is recreated on every repository start. It is also not possible to change the password for the anonymous user. So the only chance to get the site secured is to disable the anonymous user, so nobody can login as anonymous.
If I do that, I can no longer use the jackrabbit command line tool (connecting via davex) as this always uses the anonymous user to initially connect against the repository. So I either have an unsecured webapplication or I can no longer browse my data through davex :-( Any way out of this misery? Thanks, Markus
