Section 2.2.3 describes enabling security service for the jmx console.
Following the steps exactly on my installation results in perpetual HTTP 401 responses from the web server, correct username-password-be-damned.
None of the log files were modified during this authentication attempt. As far as I can tell, no files anywhere in the server's hierarchy were modified -- now clue about why this problem occurs or how to debug it -- IT JUST DOESN'T WORK -- and I have to give up and try a different product now, but if someone can give me a good way to get some info, maybe I'll spend some more time looking into this.