Can I ask has anyone managed to encrypt the bindCredential within the login-config.xml It seems like a serious security issue having plain text passwords. Is this really the only way to allow users to login using the "sAMAccountName" rather than the DN which uses the CN value. It would seem like a common thing to do, and potentially a hassle should the admin password be compromised the settings have to be changed and the server reset. Any input would be grateful. Andy View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4076200#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...