libapache2-mod-auth-kerb: access to / failed, reason: user 'd_inevitable' does not meet 'require'ments for user/valid-user to be allowed access

Question

I am not sure if this is down to libapache2-mod-auth-kerb, apache2-mpm-itk or apache2 in general. The error message itself is very cryptic:

access to / failed, reason: 
       user 'd_inevitable' does not meet 'require'ments for user/valid-user to be allowed access

I am trying to create a development server for all development users. First I have tried to use a single virtualhost for it: without success. No am setting up a new virtual host for each user.

A virtual host for a user looks like this:

<VirtualHost 10.1.7.150:443>
    ServerAdmin d_inevitable@lan

    ServerName dinevitable.userspace.lan
    ServerAlias *.dinevitable.userspace.lan

    AssignUserId d_inevitable devel

    DocumentRoot "/home/users/d_inevitable/workspace"

    <Directory "/home/users/d_inevitable/workspace">
            AllowOverride All

            Options Indexes FollowSymlinks SymLinksIfOwnerMatch

            Order allow,deny
            allow from all

            AuthType Kerberos
            AuthName "Kerberos LAN Realm Login"
            KrbAuthRealms LAN
            Krb5KeyTab /etc/apache2/auth/dinevitable.keytab

            KrbMethodK5Passwd On
            KrbSaveCredentials On
            KrbLocalUserMapping On

            Require user d_inevitable;
    </Directory>

    SSLEngine On
    SSLCertificateFile /var/secure/ssl/userspace.lan.crt
    SSLCertificateKeyFile /var/secure/ssl/userspace.lan.open.key
</VirtualHost>

Each user has it's own HTTP keytab on the server so that there are no file-permission errors.

Well other than wondering how to fix it, I also wonder what this message means...

Answer 1

Semicolons aren't syntax in Apache configuration. Your Require user d_inevitable; literally requires the username to be d_inevitable;, while your user is named d_inevitable.

Remove that semicolon and the user should have access.