First of all PortalDS is not only for users. Portal objects, security and etc. is persisted there. Then rhere are two separate issues here: 1) Users management - so you can keep users in any other place. Abstraction is made by implementing UserModule and RoleModule (in 2.4) plus MembershipModule and UserProfileModule (in 2.6) 2) Authetication. JBoss Portal just plugs into JAAS in JBoss AS so in this case JBossSX. Look at login-config.xml. Portal implementation of LoginModule interface just relies on UserModule and RoleModule, and you need to inject additional role for each user (by default "Authenticated") that is used for securing Portal Servlet (look in web.xml for portal-server.war). You can use any other LoginModule implementation - just remember about portal servlet security. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4003483#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...