How are you trying to instantiate your class? As long as you make sure you're using UCL you should be able to find it (i.e. DO NOT do Class.forName())
The login module class could be succesfully loaded from my LoginContext within my web layer, however, any call to an ejb would be caught by the org.jboss.ejb.plugins.SecurityInterceptor, which calls JaasSecurityManager in the same package which tries to authenticate the user in the ejb security domain (it creates a LoginContext and attempts a login). If the login module used in this domain resides within my ear (as it did), the classloader can't find it.
I didn't find a solution to this and restorted to extending the DatabaseServerLoginModule for the ejb security domain.
On a side note I shouldn't have tried to use the same security domain for both the web and ejb layers. Rather the web layer should just use the ClientLoginModule to bind the username and credential to the SecurityAssoication allowing ejb method invocations to be made with a non null principal and role set.