IMHO authentication works with the latest version, but the propagation of the JAAS LoginContext (ClientLoginModule) is still unsupported. This means if you call javax.ejb.EJBContext.getCallerPrincipal(), lookup javax.security.auth.Subject.container via javax.security.jacc.PolicyContext or similar you will get the default user specified in the client properties or on the remote-outbound-connection.
I'd greatly appreciate any samples on how to implement remote client calls with different authentications in AS7.