Hey! Thank you for the suggestion. It proved quite helpful. I'm not too sure how secure this solution is but it seems to work. Also as you mentioned, users currently have to exist in the punBB database with at least the same username.
Basically after a successful http authentication, the username provided by the server is used to find the user id and password on the punBB database. The ID and password are then used to set the cookie. The interesting thing is that the password stored in the punBB is not used in the authentication process to access the website and can be set to anything.
Inside "include/functions.php"
Just below:
function check_cookie(&$pun_user)
{
global $db, $pun_config, $cookie_name, $cookie_seed;
$now = time();
$expire = $now + 31536000; // The cookie expires after a year
The following code was added:
//If Apache Authentication is successful then SET cookie
$username = $_SERVER["REMOTE_USER"];
$result = $db->query('SELECT username, password, id FROM '.$db->prefix.'users WHERE username=\''.$username.'\'') or error('Goodbye', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
pun_setcookie($pun_user[id], $pun_user[password], $expire);
//End Apache Authentication Check