3 Replies Latest reply on Dec 14, 2004 11:17 AM by Scott Stark

    useFirstPass option

    Scott Royston Newbie

      From Sun's JAAS faq http://java.sun.com/security/jaas/faq.html:

      Q: What are the standard LoginModule-specific options I can use?
      A: We haven't published a standard list, but here is a list of options commonly used. Note that the following is simply a guideline. Modules are free to support a subset (or none) of the following options.

      tryFirstPass=true - The first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. If authentication fails, the LoginModules prompt for a new password and retry the authentication.
      useFirstPass=true - The first LoginModule in the stack saves the password entered, and subsequent LoginModules also try to use it. LoginModules do not prompt for a new password if authentication fails (authentication simply fails).



      However, it seems the JBoss LoginModule implementations interpret useFirstPass as 'Do not authenticate again'. Am I missing something?

      Thanks