"grego(a)spiekerpoint.com" wrote : | I'm not sure I fully understand the relationship between login-config.xml and client/auth.conf yet. I'm going to see if I can find more documentation on that. I have tried this both with an entry for SPDB in auth.conf and without an entry there, and it doesn't make a difference either way... | There is no relationship other than that credentials obtained from the client jaas configuration(auth.conf) are propagated to the server by the invocation transport and need to be valid in the target ejb security domain jaas config(login-config.xml). See: http://docs.jboss.com/jbossas/guides/j2eeguide/r2/en/html_single/#ch8.cha... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3992433#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...