Cheers cgriffith, Well I have a custom login module (same) on both the tomcat side (common/lib) and the jboss side (lib). Tomcat points to the login conf file through the java option -Djava.security.auth.login.config and to jboss application server -Djava.naming.provider.url. On the tomcat login conf I have the org.jboss.security.ClientLoginModule required so to chain the authentication to jboss with the option of multi-threaded = "true and password-stacking = "useFirstPass". As I said before if multi-threaded is set to false it works perfectly, set to true it works intermittently. Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3965165#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...