Hi all, I've got an EJB that I have managed to secure using LDAP. I've got a standalone client that can connect, login and invoke methods on the EJB. That's all good. However, I also have a webservice. The webservice takes three parameters with two of the parameters being the username and password to use (principal and credentials) to invoke the method on the EJB. The webservice method sets java.naming.security.principal and java.naming.security.credentials in the call to InitialContext, but it always fails. What am I missing that I need to do? For the client to work, I had to create a jndi.properties file with the relevant settings in and an auth.conf file to specify the security domain to use. But I don't know if I have to (or how to if I do) do that for the webservice. Thanks for any help! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4197175#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...