"anil.saldhana(a)jboss.com" wrote : Question is whether the ldap login module has usage outside of spnego usecases? Yes there are uses for this login module anywhere that you would have used one of the other two login modules. I wrote it so am biased but I believe it is a cleaner implementation by avoiding some of the design restrictions inherited from the 'UsernamePasswordLoginModule' :-) This makes it much easier to separate the users authentication from the roles search logic. In addition to this the GSSAPI authentication can be used as a different mechanism to remove the password of the user performing the searches and instead place it in a keytab. The final improvement is in the recursive roles search, now instead of defining how deep to go the module can go as deep as is needed but instead detects looping to prevent an infinity recursive search. "anil.saldhana(a)jboss.com" wrote : | The other thing is that 4.x security is frozen. So we are not adding any new features there. | | Since negotiation is a drop in use in 4.x and 5.x of AS, I think for the time being, the LM can stay in negotiation. Ok if we keep it as part of the negotiation project we can then use inheritance if we want to move it later to maintain backwards compatibility. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4194396#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...