Description
I'm using gssapi to authenticate access to a viewvc instance and I'm getting these warnings in the logs.
[auth_gssapi:warn] [pid 14398:tid 14439] [client xxx.xxx.xxx.xxx:52682] Subrequest authentication bypass on location with different configuration!
This is the apache config file for viewvc:
ScriptAlias /viewvc /var/www/viewvc-1.3.0/bin/cgi/viewvc.cgi
<Directory /var/www/viewvc-1.3.0>
    SSLOptions +StrictRequire
    SSLRequireSSL
    SSLRequire ( %{HTTP_HOST} eq "domain.com.au" )
    ErrorDocument 403 https://domain.com.au/viewvc
    SSLVerifyClient require
    AuthType GSSAPI
    AuthName "GSSAPI Login"
    GssapiBasicAuth On
    GssapiNegotiateOnce on
    Require valid-user
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>
I believe I've also seen another error that is a few lines further down in the mod_auth_gssapi.c code:
"Failed to lookup env table in subrequest"
I'm just not sure what the root cause of these errors is?
What is the main request vs. the subrequest in these cases?
These are what the requests look like in ssl_request_log:
[30/Apr/2024:12:54:33 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /viewvc/docroot/scripts.js HTTP/1.1" 401 381 0 2
[30/Apr/2024:12:54:33 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /viewvc/docroot/scripts.js HTTP/1.1" 200 49 0 3
[30/Apr/2024:12:54:33 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 401 381 0 4
[30/Apr/2024:12:54:34 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 404 196 0 5
There is always a 401 followed by a 200 or 404 depending on the outcome.
I think the 401 is due to Firefox being set up to use the MIT Kerberos tool for SSO. So I think it fails login before trying that each time for some reason.
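Added example, not part of the original issue or of mod_auth_gssapi: a small script that pairs each 401 in an ssl_request_log of the layout shown above with the next response for the same client and path, and lists any 401 that is never followed by a completed request. The function name `pair_challenges` and the last sample line are assumptions made for this example.

```python
import re
from collections import namedtuple

# Matches the ssl_request_log layout shown in the issue; the trailing
# custom fields after the status code are not interpreted.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] (?P<client>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
Pair = namedtuple("Pair", "client path challenge_ts final_status")

def pair_challenges(lines):
    """Pair each 401 with the next non-401 reply for the same client/method/path.

    Returns (pairs, unanswered); unanswered lists 401s that were never
    followed by a completed request, as (client, path, timestamp).
    """
    pending = {}  # (client, method, path) -> timestamp of the open 401
    pairs, unanswered = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in another format
        key = (m["client"], m["method"], m["path"])
        status = int(m["status"])
        if status == 401:
            if key in pending:  # repeated 401 with nothing completed in between
                unanswered.append((key[0], key[2], pending[key]))
            pending[key] = m["ts"]
        elif key in pending:
            pairs.append(Pair(key[0], key[2], pending.pop(key), status))
    unanswered.extend((k[0], k[2], ts) for k, ts in pending.items())
    return pairs, unanswered

# First four lines are the ones quoted in the issue; the last is constructed.
SAMPLE = [
    '[30/Apr/2024:12:54:33 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /viewvc/docroot/scripts.js HTTP/1.1" 401 381 0 2',
    '[30/Apr/2024:12:54:33 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /viewvc/docroot/scripts.js HTTP/1.1" 200 49 0 3',
    '[30/Apr/2024:12:54:33 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 401 381 0 4',
    '[30/Apr/2024:12:54:34 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 404 196 0 5',
    '[30/Apr/2024:12:54:35 +0800] 192.168.2.4 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /viewvc/ HTTP/1.1" 401 381 0 6',
]

if __name__ == "__main__":
    done, open_401s = pair_challenges(SAMPLE)
    for p in done:
        print(f"{p.client} {p.path}: 401 at {p.challenge_ts} -> {p.final_status}")
    for client, path, ts in open_401s:
        print(f"{client} {path}: 401 at {ts} never completed")
```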