[ https://issues.jboss.org/browse/TEIID-2863?page=com.atlassian.jira.plugin... ] Ramesh Reddy commented on TEIID-2863: ------------------------------------- After little more investigation, yes there is no need for secondary domain at all, we can define one security-domain that defines the KRB or any other and stack the roles login module along with it. I will remove the separate "krb5-domain" attribute from the configuration. Once this attribute is removed, there is requirement to identify "security-domain" as kerberoes or not, so that server can assert as such to the clients. To accomplish that I suggest we take simple naming approach, where if the name ends with "-krb5" we can treat as such. I am not sure if there are any other methods on LoginContext to ask if it is kerberoes based auth? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira