I have a JBoss 5.1.0 GA instance where I'm trying to use an encrypted password with a JaasSecurityDomain and I'm getting an incorrect password error message.  If I remove the jaasSecurityDomain module-option from my login-config.xml and I specify a plaintext password, the login process works fine.  I have the same setup in JBoss 4.0.5 with a JaasSecurityDomain working without any problems.  Is there anything different required with JBoss 5.1.0 to use an encrypted binding password? I've already verified that server.password exists and is the same file that I was using in Jboss 4.0.5.  Thanks.

login-config.xml:

<application-policy name="MyRealm">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
                <module-option name="java.naming.provider.url">ldap://virtualad:389</module-option>
                <module-option name="jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=MyDomain</module-option>
                <module-option name="bindDN">psu@sandbox.local</module-option>
                <module-option name="bindCredential">2NUTSBGQTEkjW5g6.0CjGz</module-option>
                <module-option name="baseCtxDN">ou=Accounts,dc=sandbox,dc=local</module-option>
                <module-option name="baseFilter">(sAMAccountName={0})</module-option>

                <module-option name="rolesCtxDN">ou=Accounts,dc=sandbox,dc=local</module-option>
                <module-option name="roleFilter"><![CDATA[(&(objectclass=group)(member={1}))]]></module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleNameAttributeID">cn</module-option>
                <module-option name="allowEmptyPasswords">false</module-option>
                <module-option name="roleAttributeIsDN">true</module-option>
            </login-module>
            <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule"
                          flag="optional">
              <module-option name="rolesProperties">roleMappings.properties</module-option>
              <module-option name="replaceRole">false</module-option>
            </login-module>
        </authentication>
    </application-policy>

jboss-service.xml:

<!-- My JaasSecurityDomain -->
   <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
      name="jboss.security:service=JaasSecurityDomain,domain=MyDomain">
      <constructor>
         <arg type="java.lang.String" value="MyDomain"></arg>
      </constructor>
      <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password</attribute>
      <attribute name="Salt">abcdefgh</attribute>
      <attribute name="IterationCount">13</attribute>
   </mbean>

security.log:

LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=roleNameAttributeID, value=cn
name=roleFilter, value=(&(objectclass=group)(member={1}))
name=baseFilter, value=(sAMAccountName={0})
name=allowEmptyPasswords, value=false
name=bindCredential, value=****
name=bindDN, value=psu@sandbox.local
name=java.naming.provider.url, value=ldap://virtualad:389
name=roleAttributeID, value=cn
name=baseCtxDN, value=ou=Accounts,dc=sandbox,dc=local
name=roleAttributeIsDN, value=true
name=rolesCtxDN, value=ou=Accounts,dc=sandbox,dc=local
name=jaasSecurityDomain, value=jboss.security:service=JaasSecurityDomain,domain=MyDomain
[1]
LoginModule Class: org.jboss.security.auth.spi.RoleMappingLoginModule
ControlFlag: LoginModuleControlFlag: optional
Options:
name=rolesProperties, value=roleMappings.properties
name=replaceRole, value=false

2010-04-12 10:37:38,025 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] initialize

2010-04-12 10:37:38,025 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] Security domain: MyRealm

2010-04-12 10:37:38,025 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] login

2010-04-12 10:37:38,040 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=psu

2010-04-12 10:37:38,040 TRACE [org.jboss.security.auth.spi.RoleMappingLoginModule] initialize

2010-04-12 10:37:38,040 TRACE [org.jboss.security.auth.spi.RoleMappingLoginModule] Security domain: MyRealm

2010-04-12 10:37:38,040 TRACE [org.jboss.security.auth.spi.RoleMappingLoginModule] login

2010-04-12 10:37:38,040 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] abort

2010-04-12 10:37:38,040 TRACE [org.jboss.security.auth.spi.RoleMappingLoginModule] abort

2010-04-12 10:37:38,040 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.MyRealm] Login failure

javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)