We should /not/ be deploying JAAS to WEB-INF/lib& instead putting it in the JVM extensions directory. We must remove JAAS & JCE from WEB-INF/lib, since its just plain wrong according to the spec. Putting JAAS & JCE in $JAVA_HOME/jre/lib/ext will also let us remove that hack to /usr/bin/dtomcat which lets the CLASSPASTH through
the security jars have been moved out of core and into the ccm-tools RPM. They get installed at /usr/share/ccm-tools/lib/security. @37346