LoginContext needs to be re-examined to see how it will work with module boundaries. It currently uses Core Reflection to invoke the handler/callback and this will require adjustments to work for the case that the handler is itself in a named module.
Here's an example error when running the JCK with a prototype build:
<Server> Authentication failed: unable to access LoginModule: Class javax.security.auth.login.LoginContext (module java.base) can not access a member of class com.sun.security.auth.module.Krb5LoginModule (module jdk.security.auth) with modifiers "public"
where the underlying error is an IllegalAccessException bring thrown by Class#newInstance because jdk.security.auth is not readable to java.base.