Hi,
the documentation http://www.jboss.org/file-access/default/members/jbossas/freezone/docs/Server_Configuration_Guide/4/html/The_JBoss_Security_Extension_Architecture-How_the_JaasSecurityManager_Uses_JAAS.html makes it clear:
ClientLoginModule: This is the default client side module that simply binds the username and password to the JBoss EJB invocation layer for later authentication on the server. The identity of the client is not authenticated on the client.
If you need to perform client-side authentication of users you would need to configure another login module in addition to the ClientLoginModule.