With the control plane concept, applied to auth, we want application users separate from broker users.

An acceptor can have a realm, and we can respect existing subjects, however we need to figure a way to allow an application to configure a realm (properties or ldap etc) and have the broker still retain its realm.

This may require two login configs or concatenation or embedded config... not sure, we need to investigate and figure this out.