How to hide Akka remote actors from lookup?

Posted 2019-03-31 01:53

Question:

I am running the Akka 2.0.2 microkernel and want to implement an authentication scheme for untrusted remote actors.

The first thing that comes to mind is to set up an authentication actor which returns a reference to the work actor when authentication succeeds.

However, how should I protect the work actor from simply being directly looked up remotely via actorFor(), circumventing authentication altogether?

That is, I want to prevent remote actors from accessing actors in my microkernel actor system without authentication.

Not giving the work actor a name in actorOf() is not enough, because it will get an easily-guessed autogenerated name. Is there a way to disable remote lookup for actors, yet still be able to give out their ActorRef to remote systems?

Answer 1:

I think you were on the right track with the authentication actor. Have the authentication actor return both the ActorRef and a token. The remote actors must include that token in messages to your local worker actor. The worker actor will validate the token before doing the work.

import akka.actor.{Actor, ActorRef}

// Mix into any actor that must only act on authenticated requests.
trait AuthenticatingActor { this: Actor =>
  val authenticationService = //...

  // Unwrap the request and check its token before delegating.
  def receive: Receive = {
    case UnauthenticatedRequest(token, msg) =>
      if (authenticationService.validate(token))
        authenticatedReceive(msg)
      else
        sender ! RequestNotAuthenticated(token, "token invalid")
  }

  // Handler for messages whose token has been validated.
  def authenticatedReceive: Receive
}

class Worker extends AuthenticatingActor with Actor {
  def authenticatedReceive: Receive = //..
}

class AuthenticationActor extends Actor {
  val authenticationService = //..
  var worker: ActorRef = _

  def receive = {
    case Authenticate(username, password) =>
      // authenticate returns an Option: Some(token) on success, None on failure.
      val token = authenticationService.authenticate(username, password)
      sender ! token.map(AuthenticationSuccess(_, worker)).
                     getOrElse(AuthenticationFailure)
    //..
  }
}
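
An added example, not part of the original answer: one possible shape for the elided `authenticationService`, issuing HMAC-signed, expiring tokens that the worker can validate without shared state. The class name, the `checkCredentials` hook and the token layout are assumptions, and it needs Java 8+ for `java.util.Base64`.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical stand-in for the answer's elided `authenticationService`.
// `checkCredentials` is an assumed hook into whatever user store you have.
class TokenAuthenticationService(checkCredentials: (String, String) => Boolean,
                                 ttlMillis: Long) {
  // Random per-process key: issued tokens stop validating after a restart.
  private val key = new Array[Byte](32)
  new SecureRandom().nextBytes(key)
  private val enc = Base64.getUrlEncoder.withoutPadding
  private val dec = Base64.getUrlDecoder

  private def sign(payload: String): Array[Byte] = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(key, "HmacSHA256"))
    mac.doFinal(payload.getBytes(UTF_8))
  }

  // Some(token) on success, None otherwise, so the caller can use map/getOrElse.
  def authenticate(username: String, password: String,
                   now: Long = System.currentTimeMillis()): Option[String] =
    if (!checkCredentials(username, password)) None
    else {
      // Token layout (assumed): base64url(username).expiryMillis.base64url(mac)
      val payload = enc.encodeToString(username.getBytes(UTF_8)) + "." + (now + ttlMillis)
      Some(payload + "." + enc.encodeToString(sign(payload)))
    }

  // True only for an unexpired token whose MAC verifies (constant-time compare).
  def validate(token: String, now: Long = System.currentTimeMillis()): Boolean =
    token.split('.') match {
      case Array(user, expiry, sig) =>
        try {
          MessageDigest.isEqual(sign(user + "." + expiry), dec.decode(sig)) &&
            expiry.toLong > now
        } catch { case _: IllegalArgumentException => false } // bad base64 or expiry
      case _ => false
    }
}

object TokenDemo extends App {
  // Constructed sample credentials, for the demo only.
  val svc = new TokenAuthenticationService((u, p) => u == "alice" && p == "s3cret", 60000L)
  val token = svc.authenticate("alice", "s3cret").get
  println(svc.validate(token))                                             // fresh token
  println(svc.validate(token + "x"))                                       // tampered MAC
  println(svc.validate(token, now = System.currentTimeMillis() + 120000L)) // after expiry
}
```

The token is a bearer credential, so it is only as confidential as the transport that carries it between the remote systems.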