As long as each different user is on a different client thread you can use programmatic login without the need to call logout.
But it is not clear what the authentication/authorization requirements of your EJB's on Machine A are.
What Guarantees does InitialContext authentication provide you in your design. In GlassFish you can force authentication for NameService (InitialContext) access.
AdminGUI->Server-Config->ORB
There is a check-box IIOP Client Authentication Required. If this box is checked then all Client accesses would require Username/Password and by default you will be prompted for username/password. Or in the ACC configuration you can specify a callbackhandler which can provide the username and password by other means.
also see if this is of any help
:
http://blogs.sun.com/nithya/entry/accessing_orb_service_securely_in
[Message sent by forum member 'kumarjayanti']
http://forums.java.net/jive/thread.jspa?messageID=476781