Ok, I think I have it all figured out now. Here's a simple diagram to explain it:
Client RSAkey[secret,public] = random()
Client RSAkey[public] -> LoginServer
LoginServer AESKey = random()
Client <- encrypt(RSAkey[public], AESKey) LoginServer
Client encrypt(AESKey, login/password) -> LoginServer
Client <- validate(login,password) LoginServer
Client login -> GameServer login -> LoginServer
GameServer <- RSAkey[public] LoginServer
GameServer TestString = random()
Client <- EncTestString <- encrypt(RSAkey[public], TestString) GameServer
Client decrypt(RSAkey[secret], EncTestString) -> DecTestString -> GameServer
Client <- validate(DecTestString == TestString) or kick GameServer
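
The GameServer challenge at the end of the diagram, as an added example that is not part of the original post. It assumes RSA-OAEP with SHA-256, 2048-bit keys and a 32-byte TestString; the function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// NewClientKey is the Client's "RSAkey[secret,public] = random()" step (2048 bits assumed).
func NewClientKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// NewChallenge (GameServer): random TestString encrypted to the registered public key.
func NewChallenge(pub *rsa.PublicKey) (testString, encTestString []byte, err error) {
	testString = make([]byte, 32)
	if _, err = rand.Read(testString); err != nil {
		return nil, nil, err
	}
	encTestString, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, testString, nil)
	return testString, encTestString, err
}

// RunExchange plays both sides: the client holds clientKey, GameServer holds registered.
func RunExchange(clientKey *rsa.PrivateKey, registered *rsa.PublicKey) bool {
	testString, enc, err := NewChallenge(registered)
	if err != nil {
		return false
	}
	// Client: decrypt(RSAkey[secret], EncTestString) -> DecTestString
	dec, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, clientKey, enc, nil)
	if err != nil {
		return false // wrong key: OAEP decryption fails, so the client is kicked
	}
	// GameServer: validate(DecTestString == TestString), compared in constant time
	return subtle.ConstantTimeCompare(testString, dec) == 1
}

func main() {
	owner, other := NewClientKey(), NewClientKey()
	fmt.Println("key owner accepted:", RunExchange(owner, &owner.PublicKey))
	fmt.Println("other key accepted:", RunExchange(other, &owner.PublicKey))
}
```

The check only proves that the connecting client holds the secret half of the key LoginServer recorded for that login, so it is only as trustworthy as the step where that public key was registered.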