In case of a web tier, you should configure the client-login module in login-config.xml instead of auth.conf.
The login-config.xml file in $JBOSS_HOME\server\default\conf has been set up with the login module used on the server layer (a custom one that is an extension of UsernamePasswordLoginModule). Is that the login-config file you are referring to?
Just in case I was not able to clearly explain our setup - Our application consists of the following tiers:
Web Tier (Struts) ==> POJO API Tier ==> EJB Tier
The login logic is all within the POJO API Tier.