The ds xml file needs to have the following two:
- Username/Cred
- Security Domain Name
Typically the security domain underneath has one of the many JCA login modules. Primarily the SecureIdentityLoginModule is used which is configured with a username/cred. So basically, the username/cred configured in the SILM is added to the subject that is popped into the ManagedConnectionFactory (that JCA uses to deal with EIS).
So why do we need username/cred in the ds.xml, it is for cases when you want to use your own homegrown login module (that is not part of the JBoss JCA login modules).