Starting in version 1.6, security is a feature of the Pentaho BI Platform. Prior to this version, security was only available in the Pentaho Professional BI Platform (now called the Subscription Edition).
Furthermore, this document is relevant only to the Pentaho Professional BI Platform version 1.2.1 or later or the Pentaho BI Platform version 1.6 or later. See the Pentaho Professional BI Platform version 1.2.0 security documentation if you're using Pentaho Professional BI Platform version 1.2.0. (You can find the version you are running in several ways: (1) look at the log when the Pentaho BI Platform starts or (2) look at the bottom right of any page within the Pentaho BI Platform.)
In the shipping implementation of the Pentaho BI Platform there is an implementation of a login page. This page is defined in the form of a java server page located your applications server deployment directory in pentaho.war/jsp/Login.jsp. For instance, in the pre-configured install it would be located at /pentaho-preconfiguredinstall/server/default/deploy/pentaho.war/jsp/Login.jsp.
As currently shipped the login JSP is branded for Pentaho and contains a drop down menu with default users and passwords. These items (and others) can be changed by editing the Login.jsp.
In pentaho.war/jsp/Login.jsp, comment out or remove the following HTML and code.
In server/default/deploy/jboss-portal.sar/portal-server.war/login.jsp, comment out or remove the following HTML and code.
This removes the drop down menu and its title text in the login area.
In Login.jsp, comment out or remove the following HTML and code. Note that formatting may be slightly different.
This will remove the Pentaho branding from the left side of the login page.
All strings in Login.jsp have been localized. Open com.pentaho.locale.messages*.properties to edit the strings. Strings used in the login page generally are named UI.USER_LOGIN_* or UI.USER_*.
Implementors are free to change the Login.jsp as they see fit. The heart of the currently implemented Login.jsp is in the <form> tag. It is recommended that users examine this code in order to make their own replacement Login.jsp work correctly.