Differently implemented password-stacking option in ClientLoginModule --------------------------------------------------------------------- Key: SECURITY-900 URL: https://issues.jboss.org/browse/SECURITY-900 Project: PicketBox Issue Type: Bug Affects Versions: PicketBox_4_9_2.Final Reporter: Ondrej Lukas In case when some login module should use password stacking then value of password-stacking option should be set to useFirstPass. All login modules should respect it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking everytime when some value is set for password-stacking option (even value false). It should work same as other login modules. Current behavior can be confusing and can lead to incorrectly set server configuration.