Differently implemented password-stacking option in ClientLoginModule --------------------------------------------------------------------- Key: SECURITY-903 URL: https://issues.jboss.org/browse/SECURITY-903 Project: PicketBox Issue Type: Bug Reporter: Ryan Emerson Assignee: Ryan Emerson Fix For: PicketBox_5_0_0.Alpha2 From BZ: "In case when some login module should use password stacking then value of password-stacking option should be set to useFirstPass. All login modules should respect it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking everytime when some value is set for password-stacking option (even value false). It should work same as other login modules. Current behavior can be confusing and can lead to incorrectly set server configuration."