Still no answer after almost three years?;-)
At the moment I have exactly the same problem. How can I pass the credentials from a clientside login via the Krb5LoginModule to jboss to access an EJB?
I can't say I have anything resembling an answer, but I'd have to theoretically ask the question:
Can you populate Context.SECURITY_CREDENTIALS in your environment properties when you invoke the EJB?
You could have a different login module in your EJBs designed to accept Kerberos credentials. The question is primarily then how you can obtain the credentials necessary to populate Context.SECURITY_CREDENTIALS in your web context when you obtain the home interface to your EJB.