You can authenticate users with your own mechanism (instead of the standard one) but still make Apache think that the user was authenticated by the standard mechanism. Set the username with:

$r->connection->user('username');

Now you can use this information, for example, during logging, so that you can have your "username" passed as if it was transmitted to Apache through HTTP authentication.