function trustExternal($user, $pass, $sticky=false) {
    global $USERINFO;
    global $lang;
    
    // someone used the login form
    if(!empty($user)){
        //situation: there are user credentials, lets check them
        if( ...try to authenticate against your backend...)
            
            // here you can handle additional post login actions 
            // for your backend
            
        }else{
            //invalid credentials - log off
            msg($lang['badlogin'],-1);
            auth_logoff(); // needs implementation of logOff() method
            return false;
        }
    }

    //situation: no login form used or logged in successful 
    

    // check where if there is a logged in user e.g from session,
    // $_SERVER or what your auth backend supplies...

    if( ...check here if there is a logged in user...) {

        $USERINFO['name'] = string
        $USERINFO['mail'] = string
        $USERINFO['grps'] = array()
    
        $_SERVER['REMOTE_USER']                = $user; //userid
        $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; //userid
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        
        return true;
    }else{
        //when needed, logoff explicitly.
    }