I have an Apache 2.2.8 server all set up with mod_authnz_ldap to
authenticate via LDAP user/password pairs. It's all SSL to the web
server, SSL between the web server and LDAP, so it's pretty secure
even though it's Basic auth. By the time the PHP script runs, the
user has already authenticated and the PHP code can trust the value of
PHP_AUTH_USER.

So, how can I NOT have PHP_AUTH_PW set? I'd kinda rather not have
people's passwords just hanging around in $_SERVER for code to do
whatever it wants with it.