"Local" users are on an identified network address range (via .htaccess) and "remote" users are anyone who's not "local." In both cases they have accounts. The problem is Apache won't pass REMOTE_USER if the directory is considered to not require auth, which I need to have the site read-only for logged in local users. The only thing I've been able to come up with is to duplicate the MW instance using the same database at a different locations, but that means people will be using different URLs. I also set up a scheme where a directory requiring htauth login stores REMOTE_USER in a session variable then bounces them back, but it required further hacks and I'd prefer something cleaner.
I don't understand why do you want REMOTE_USER at all? Is it because you use Apache authentication modules - some kind of domain autologin? (and what kind?) And if it isn't automatic, if it's just HTTP LDAP authentication using login and password - why you don't use http://www.mediawiki.org/wiki/Extension:LDAP_Authentication?