To summarize...
1) Go to "/Configuration/Security". Note the Default Realm (which, by default, is "file").
2) Also in "/Configuration/Security", make sure "Default Principal to Role Mapping" is checked(!). Otherwise, you have to include a sun-web.xml deployment descriptor with Hudson to map between a role-name (admin) and a principal-name/group-name.
3) Go to the Default Realm ("file" by default, /Configuration/Security/Realms/file).
4) Click "manage users"
5) Add a new user
6) Create an user. Choose any name you like.
7) Set a password
8) Make sure the group is set to "admin".
9) Deploy hudson.war
It's very important that you deploy hudson.war after you completed step 2, because changing this setting does not affect applications that are already deployed.
[Message sent by forum member 'kohsuke' (kohsuke)]
http://forums.java.net/jive/thread.jspa?messageID=214574