Hi,

Looking at the code I've come to the realization that we simply need to remove the username, and
password which exists in the server.xml file.  Embedders should not have to authenticate.  Instead it's
best to allow for the creation of LdapPrincipals from any piece of authorized code to stuff requests
with the appropriate principals.  This way the protocol providers and embedders can create the admin
principal and manage the server.

However we definitely need a security manager to prevent unauthorized access to critical resources
in the server to prevent stored procedures for example in this case from masquerading as other users.

How we do this with dyamism is a bit unclear for me but it's just about doing some research and planning
to figure out what critical resources to protect.  For now all I know is this issue is not cool and perhaps
totally unnecessary.  Secondly it ties us to JNDI.  I'm going to wack both problems for now until JNDI
is out of the way and revisit it once the dust settles to reveal a clearer picture.

Alex