In case some login module should use password stacking, the value of the password-stacking option should be set to useFirstPass. All login modules should respect it. However, the implementation of org.jboss.security.ClientLoginModule uses password-stacking differently - it uses password stacking every time some value is set for the password-stacking option (even the value false). It should work the same as other login modules. The current behavior can be confusing and can lead to an incorrectly set server configuration.
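A configuration check for the mismatch described in the report, as an added example that is not part of the bug report or of JBoss code: it lists `org.jboss.security.ClientLoginModule` entries whose `password-stacking` value enables stacking under the reported behaviour but not under the `useFirstPass` rule. The XML fragment is constructed and assumed to follow the EAP 6 security-subsystem layout; the helper names and the exact-match comparison are assumptions of the example.

```python
import xml.etree.ElementTree as ET

CLIENT_MODULE = "org.jboss.security.ClientLoginModule"

# Constructed sample, laid out like an EAP 6 security subsystem (assumption).
SAMPLE = """<security-domains>
  <security-domain name="app-a"><authentication>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <module-option name="password-stacking" value="false"/>
    </login-module>
  </authentication></security-domain>
  <security-domain name="app-b"><authentication>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
  </authentication></security-domain>
  <security-domain name="app-c"><authentication>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
  </authentication></security-domain>
</security-domains>"""

def local(tag):
    # Drop any "{namespace}" prefix so namespaced server configs also match.
    return tag.rsplit("}", 1)[-1]

def stacking_as_reported(value):
    # Behaviour the report describes for ClientLoginModule: any set value enables it.
    return value is not None

def stacking_expected(value):
    # Rule the report states for login modules (exact match is an assumption here).
    return value == "useFirstPass"

def audit(xml_text):
    """Return (security domain, option value) pairs where the two rules disagree."""
    findings = []
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        for module in domain.iter():
            if local(module.tag) != "login-module" or module.get("code") != CLIENT_MODULE:
                continue
            opts = {o.get("name"): o.get("value") for o in module if local(o.tag) == "module-option"}
            value = opts.get("password-stacking")
            if stacking_as_reported(value) != stacking_expected(value):
                findings.append((domain.get("name"), value))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries it reports are the ones whose effective behaviour would change between a server with the reported behaviour and one where the option works as in other login modules.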
Ryan Emerson <remerson> updated the status of jira SECURITY-903 to Resolved
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Verified with EAP 6.4.12.CP.CR1;
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.