I'm not sure why the 2 and 3rd action hooks are needed in your patch. Again, please email me to explain what those are for.
Also, you can deal with this currently with just a few lines of code placed in your wp-config.php file, just make sure they are before the require line near the bottom.
if( isset($_SERVER['REDIRECT_REMOTE_USER']) ) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) =
explode(':' , base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
}
Since $_SERVER is a global variable you can set these and they will be available to the rest of the code executed in WordPress.