I changed the password in messaging-jboss-beans.xml and as recommended in another post in messaging-service.xml to a nice noncommon string but I still get:
INFO | jvm 1 | 2011/02/11 09:05:43 | 09:05:43,171 WARN [JBossASSecurityMetadataStore] WARNING! POTENTIAL SECURITY RISK. It has been detected that the MessageSucker component which sucks messages from one node to another has not had its password changed from the installation default. Please see the JBoss Messaging user guide for instructions on how to do this.
INFO | jvm 1 | 2011/02/11 09:05:43 | 09:05:43,171 ERROR [ExceptionUtil] ConnectionFactoryEndpoint[jboss.messaging.connectionfactory:service=ClusterPullConnectionFactory] createFailoverConnectionDelegate [ga-j46c81kg-1-yk3a81kg-pbt3ch-4221a]
INFO | jvm 1 | 2011/02/11 09:05:43 | javax.jms.JMSSecurityException: User JBM.SUCKER is NOT authenticated