I do not think it is right for a login module to have sasl server semantics. This is because JAAS->LM->SASL Server. The right thing to do is: SASL->JAAS So may be the right thing to do for JBoss 4.x is to have a sasl enabled security manager implementation, something like the current JaasSecurityManager that is plugged into the JaasSecurityManagerService. Of course for JBoss5, we will find a better sasl enabled solution. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047665#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...