LdapLoginModule allows access when JUST the username is entered (NO Password entered). -------------------------------------------------------------------------------------- Key: JBAS-3783 URL: http://jira.jboss.com/jira/browse/JBAS-3783 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: Security Affects Versions: JBossAS-4.0.4.GA, JBossAS-4.0.3 Final Environment: This issue is was tested and is known to be present in Linux and SUN platforms. Reporter: Mark Burgeson Assigned To: Scott M Stark LdapLoginModule is enabled for LDAP Group authentication. As expected, access is allowed when a valid username/password is supplied and the user belongs to the LDAP group. In addition, access is allowed when JUST the username is entered, without the password, and the user belongs to the LDAP group. This appears to be a bug. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira