diff --git a/auth/auth.go b/auth/auth.go
index 35b910c5..8dbc5a11 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -8,6 +8,9 @@ import (
 
 // Auther is a generic interface to implement password-based authentication and authorization
 type Auther interface {
+	// PreAuthenticatedUser looks up the user for a given username, and returns a user if one is found.
+	PreAuthenticatedUser(username) (*User, error)
+
 	// Authenticate checks username and password and returns a user if correct. The method
 	// returns in constant-ish time, regardless of whether the user exists or the password is
 	// correct or incorrect.
diff --git a/auth/auth_sqlite.go b/auth/auth_sqlite.go
index f2bad460..3d06e576 100644
--- a/auth/auth_sqlite.go
+++ b/auth/auth_sqlite.go
@@ -98,6 +98,12 @@ func NewSQLiteAuth(filename string, defaultRead, defaultWrite bool) (*SQLiteAuth
 	}, nil
 }
 
+// PreAuthenticatedUser looks up a user based on name- no validation of credentials is done!
+func (a *SQLiteAuth) Authenticate(username) (*User, error) {
+	user, err := a.User(username)
+	return user, nil
+}
+
 // Authenticate checks username and password and returns a user if correct. The method
 // returns in constant-ish time, regardless of whether the user exists or the password is
 // correct or incorrect.