In case when some login module should use password stacking then value of password-stacking option should be set to useFirstPass. All login modules should respect it. However implemetation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking everytime when some value is set for password-stacking option (even value false). It should work same as other login modules. Current behavior can be confusing and can lead to incorrectly set server configuration.
Comment 5JBoss JIRA Server
2015-09-16 09:03:05 UTC
Ryan Emerson <remerson> updated the status of jira SECURITY-903 to Resolved