ACL problems, any suggestions would be great

Here is what we'd like to do:

User logs into some machine (frontend) starts pine, pine ssh's to another 
machine
(backend) where their mail is actually stored in Maildir format and exec 
/etc/rimapd.
We want to do this without the user having to enter a password again on the 
backend
machine.

Here are the problems:

We don't want to use public-key.
We don't want these users (the ones typing pine) to be allowed to login to the 
remote
machine (backend).
We don't want them to be allowed to execute any commands on the remote machine 
(with the
exception of "exec /etc/rimapd".

I could not come up with a solution to solve this problem with openssh. I 
started looking
for other open implementations of secure shell and lsh caught my eye. Lsh 
appealed to me
because you could specify a login shell for all users that would override the 
login shell
in the passwd db (this was perfect since we could then create a shell called 
rimapd and
it just executed /etc/rimapd).  The reason I could not go with this solution is 
lsh
does not have trusted host authentication mechanisms, so there was no way to 
have
passwordless logins.

Any suggestions?

Thanks.

Bryan