On session start the user sends his login name and the password for the remote account. I want to check the authenticity by something like trying to ssh into the remote account and immediately logout again. The unix user doing this is the owner of the apache process.
If this is the only time you'll ever want to authenticate users outside of account login, this hack will work. If you want a solution that scales (so that one day your users can be authenticated by mail and web servers, web applications, anything...), use LDAP.