Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java,v
diff -u -r1.14.2.1 -r1.14.2.2
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 18 Sep 2007 07:20:59 -0000 1.14.2.1
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 25 Sep 2007 07:21:31 -0000 1.14.2.2
@@ -129,12 +129,6 @@
 return false;
 }
 }
-
- // disabled users can't login
- if (user.getDisabledFlag()) {
- log.debug("===> user is disabled.");
- return false;
- }
 
 // allow sysadmin to login as another user; in this case, the LAMS shared session
 // will be present, allowing the following check to work
@@ -167,6 +161,15 @@
 return false;
 }
 }
+
+ // disabled users can't login;
+ // check after authentication to give non-db authentication methods
+ // a chance to update disabled flag
+ if (user.getDisabledFlag()) {
+ log.debug("===> user is disabled.");
+ return false;
+ }
+
 //if login is valid, register userDTO into session.
 if(isValid){
 HttpSession sharedsession = SessionManager.getSession();
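Review bot: The relocated `user.getDisabledFlag()` check in the second hunk only honours a flag changed during authentication if `user` is the same instance the authenticator updated. The first hunk shows `user` was already loaded before the authentication code ran, so a non-db provider that writes the flag through a separate lookup would leave this object stale and a just-disabled account would pass this one login. Whether `user` is re-read in between is outside the hunk, so either reload it immediately before the `if` or state the assumption in the comment, e.g. `// relies on the authenticator updating this same user instance`. Any branch above that returns success early (the sysadmin login-as-another-user path named in the context comment is a candidate) would also skip the check now that it sits this late; the method starts and ends outside the hunk, so that needs confirming there. A rejection that happens after successful authentication is also worth logging above `log.debug` and with the login name, since it is the event an operator would want to see for a deprovisioned account.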