If I find more time I can fully set up the dev environment and run the tests, but for now this should put you guys on the right path for improving X509 authentication. Feel free to steal the implementation. (Unfortunately it isn't 1:1 applicable to 2.5.x since it affects different files. If y'all would like a similar review for 2.5.x I can do that).
Cheers 

This change breaks the unit tests:

======================================================================
ERROR: Testing X509AuthMiddleware.process_request with backend enabled and username environment variable present
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/david/src/reviewboard/release-3.0.x/reviewboard/accounts/tests/test_x509_auth_middleware.py", line 63, in test_process_request_with_enabled_and_username
    result = self.middleware.process_request(self.request)
  File "/Users/david/src/reviewboard/release-3.0.x/reviewboard/accounts/middleware.py", line 114, in process_request
    clean_username = self.clean_username(x509_field, request)
  File "/Users/david/src/reviewboard/release-3.0.x/reviewboard/accounts/middleware.py", line 74, in clean_username
    backend_str = request.session[auth.BACKEND_SESSION_KEY]
  File "/Users/david/src/env/reviewboard-3.0/lib/python2.7/site-packages/django/contrib/sessions/backends/base.py", line 47, in __getitem__
    return self._session[key]
KeyError: '_auth_user_backend'