I discovered this bug while testing the new Apache configuration files scheme. I emerged net-www/apache-2.0.52-r3 first, moved the configuration files to their new locations and then I started to reemerge the additional modules I need. After emerging mod_auth_external and pwauth (which used to be a part of the former in older releases but now is a separate package), editing the configuration files and restarting Apache I discovered that authorization always fails even if the credentials submitted are correct.

Reproducible: Always
Steps to Reproduce:
1. emerge mod_auth_external
2. emerge pwauth
3. Add -D AUTH_EXTERNAL to /etc/conf.d/apache
4. Edit /etc/apache2/modules.d/10_mod_auth_external.conf so that the paths and references to /usr/sbin/pwauth are correct
5. Start Apache
6. Send a request for a password protected page from a web browser
7. Submit a valid user name and password.
Actual Results:  
I could not log into any location where mod_auth_external was used even though
the credentials submitted were correct.

Expected Results:  
The server should have accepted the credentials and sent the requested page to
the browser.

I tested the pwauth program as root from the command line. It seemed to work
correcetly. This can be done by invoking /usr/sbin/pwauth typing-in username and
password and then checking the result by: echo $?. If you get 0 that means that
the login was succesful.

Then I switched to a regular user account and repeated the tests. It turned out
that the program did not work any more. The error code it returned was 50. I
looked into the sources to find out what it was. I found out that uid=72 was
hard coded into the config.h file (only this uid and root can run the program,
anyone elese will get error code 50) while my apache user has 81. Editing line
#241 in this file so that it reads:

#define SERVER_UIDS 81          /* user "apache" */

recompiling the program and replacing /usr/sbin/pwauth makes it work again.