it depends on where your login module is looking the authentication details.
If you are working on the JBM defaults, it reads the users and roles from two files: messaging-roles.properties and messaging-users.properties.
These files should be available under deploy/jboss-messaging.sar (until JBM 1.2.x version. I am not sure their location once scoping was removed from 1.3.x. Do search on them).
You should be able to add the usernames/passwords/roles in these files.
However, if you are are using DatabaseLoginModule (check your login-config.xml to see what the application-policy "messaging" is point to), then they exist in JBM_USER and JBM_ROLE tables.