Auth before proxy

I’m planning on deploying a Rails app using Apache 2, mod_proxy, and
Mongrel, which seems to be the recommended scheme. I need
authentication, but I’m OK with Apache handling that, as long as Apache
passes REMOTE_USER to my app (which it looks like it does).

I can find plenty of documentation for setting up Apache to proxy to
Mongrel, and about setting up realms, but nothing that combines the two.
How do I configure httpd.conf so that Apaches handles the credentials,
and then proxies authenticated users? I’m guessing I’ll need to use a
container of some kind.