// Put login modules providing authentication and realm mappings
// for security domains.


simple {
    // Very simple login module: 
    // any user name is accepted.
    // password should either coincide with user name or be null, 
    // all users have role "guest", 
    // users with non-null password also have role "user"
    org.jboss.security.auth.spi.SimpleServerLoginModule required;
};

// Used by clients within the application server VM such as
// mbeans and servlets that access EJBs.
client-login {
    org.jboss.security.ClientLoginModule required;
};

// The default server login module
other {
    // A simple server login module, which can be used when the number 
    // of users is relatively small. It uses two properties files:
    //   users.properties, which holds users (key) and their password (value).
    //   roles.properties, which holds users (key) and a comma-separated list of their roles (value).
    // The unauthenticatedIdentity property defines the name of the principal
    // that will be used when a null username and password are presented as is
    // the case for an unuathenticated web client or MDB. If you don't want to
    // allow such users to be authenticated remove the property.
    org.jboss.security.auth.spi.UsersRolesLoginModule required
       unauthenticatedIdentity="nobody";

};