To reproduce it, use the following setting in the httpd.conf <Location /private/> AuthType None Require valid-user </Location> start the httpd server, and then use the browser to access the /private/. The browser will show “500 Internal Server Error”, while the server prints the following message in the error log [Mon Mar 19 21:14:30.936513 2012] [core:error] [pid 3431:tid 140737100195584] [client 132.239.17.127:42029] AH00027: Buggy authn provider failed to set user for /private/ The message here is really very misleading and inaccurate. --------- use gdb to trace the code, the problem is at server/request.c access_status = ap_run_access_checker_ex(r); if (access_status == OK) { ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, "request authorized without authentication by " "access_checker_ex hook: %s", r->uri); } else if (access_status != DECLINED) { return decl_die(access_status, "check access", r); } else { if ((access_status = ap_run_check_user_id(r)) != OK) { return decl_die(access_status, "check user", r); } if (r->user == NULL) { /* don't let buggy authn module crash us in authz */ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00028) "Buggy authn provider failed to set user for %s", r->uri); access_status = HTTP_INTERNAL_SERVER_ERROR; return decl_die(access_status, "check user", r); } ....,, } since AuthType is set to None, the ap_auth_type is always set to be NULL (see set_authtype() function in modules/aaa/mod_authn_core.c). In the hooked functions like authenticate_basic_user (r=0x8b17f0) at mod_auth_basic.c:197 authenticate_form_authn (r=0x8b17f0) at mod_auth_form.c:849 authenticate_no_user (r=0x8b17f0) at mod_authn_core.c:351 r->user cannot be set a value if ap_auth_type is NULL. So the error occurs.
Message has been changed long ago in r1351015. This is part of 2.4.3 This looks enough to close this old report.