3 Replies Latest reply on Feb 2, 2012 2:32 AM by jw

    Remote EJB authentication via SecurityClient.setSimple

    e.nikolaev

      Hi guys!

      I've run into some trouble while migrating to AS7 (7.1.0.CR1b "Flux Capacitor") from AS6.

      Before, I used SecurityClient's setSimple(login, password) method to perform simple authentication to some remote EJBs.

      Now this is not working. There is no exception when I call SecurityClient's login method, only an "Invalid user" exception when I invoke a method of a remote EJB.

      Is there any way to make SecurityClient work in AS7 the same way as in AS6?

        • 1. Re: Remote EJB authentication via SecurityClient.setSimple
          jw

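          Same problem here. Using JAAS on remote client.

          Remote Client Code:

          {code}
          // Authenticate on the client through the JAAS "client-login" entry (see auth.conf)
          loginContext = new LoginContext("client-login", new UsernamePasswordHandler(username, password.getBytes()));
          loginContext.login();

          service = ... // get the remote service
          // The server rejects this call with EJBAccessException: Invalid User
          service.doSomething();
          {code}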

          Remote Client auth.conf:

          {code}
          client-login {
             org.jboss.security.ClientLoginModule required;
          }
          {code}

          jboss-app.xml in ear:

          {code}
          <jboss-app>
            <security-domain>my-security-domain</security-domain>
          </jboss-app>
          {code}

          AS7 standalone configuration file:

          {code}
          <subsystem xmlns="urn:jboss:domain:security:1.1">
              <security-domains>
                  <security-domain name="my-security-domain" cache-type="default">
                      <authentication>
                          <login-module code="Database" flag="required">
                              <module-option name="dsJndiName" value="...."/>
                              <module-option name="principalsQuery" value="...."/>
                              <module-option name="rolesQuery" value="...."/>
                              <module-option name="hashAlgorithm" value="SHA"/>
                              <module-option name="hashEncoding" value="BASE64"/>
                          </login-module>
                      </authentication>
                  </security-domain>
              </security-domains>
          </subsystem>
          {code}

          Exception in the server log:

          {code}
          ....throws javax.ejb.EJBAccessException: javax.ejb.EJBAccessException: Invalid User
                  at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at java.security.AccessController.doPrivileged(Native Method) [:1.7.0_02]
                  at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                  at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                  at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                  at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
                  at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:283) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:61) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:191) [jboss-as-ejb3-7.1.0.CR1b.jar:7.1.0.CR1b]
                  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.7.0_02]
                  at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.7.0_02]
                  at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.7.0_02]
                  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.7.0_02]
                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.7.0_02]
                  at java.lang.Thread.run(Thread.java:722) [:1.7.0_02]
                  at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA.jar:2.0.0.GA]
          {code}

          Any ideas?

          • 2. Re: Remote EJB authentication via SecurityClient.setSimple
            dlofthouse

            This is not currently possible: the ClientLoginModule is not compatible with the SASL mechanism used to negotiate the connection in AS7. Theoretically it could be made compatible, so feel free to raise a feature request in Jira.

            • 3. Re: Remote EJB authentication via SecurityClient.setSimple
              jw

              So what's the recommended way to do remote client SASL login? Tried class org.jboss.security.client.JBossSecurityClient, but get this error on 7.1.0.CR1b:

              {code}
              java.lang.RuntimeException: PB00002: Not Yet Implemented:Not Implemented
                        at org.jboss.security.client.JBossSecurityClient.peformSASLLogin(JBossSecurityClient.java:59)
                        at org.jboss.security.client.SecurityClient.login(SecurityClient.java:72)
              {code}