When using the admin console if you view the SSL page for an unencrypted orb-listener and then save changes to something (even a change at the ORB level) then the following gets added to the domain.xml for the <iiop-listener ...>
<ssl classname="com.sun...GlassfishSSLImpl" cert-nickname=""></ssl>
This does not effect the unencrypted nature of the iiop-listener but does seem to turn on required client authentication for the listener.
The net effect of this is that unauthenticated connections to the listener get rejected with a CORBA_NO_PERMISSION exception.
I've raised the same issue against the admin console: GLASSFISH-17471
This may be an intended behaviour for the iiop-listener (ie just a bug with the admin-console) but I though it may be wize to raise it on the orb as well.