I also came across this issue,
the authz_groupfile module in apache is not enabled. To enable issue
the following command.
# a2enmod authz_groupfile
Then restart Apache.
To completely remove any authentication (which is apparently the
default configuration in Debian) modify the DirectoryMatch section in
the file "/etc/apache2/conf-available/nagios4-cgi.conf" with the
following. (Comment out all the Auth part and add "Order allow,deny"
and "Allow from all")
<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-
bin/nagios4|/etc/nagios4/stylesheets)>
Options FollowSymLinks
DirectoryIndex index.php index.html
AllowOverride AuthConfig
#
# The default Debian nagios4 install sets use_authentication=0 in
# /etc/nagios4/cgi.cfg, which turns off nagos's internal
# authentication.
# This is insecure. As a compromise this default apache2
# configuration
# only allows private IP addresses access.
#
# The <Files>...</Files> below shows how you can secure the nagios4
# web site so anybody can view it, but only authenticated users
# can issue
# commands (such as silence notifications). To do that replace the
# "Require all granted" with "Require valid-user", and use htdigest
# program from the apache2-utils package to add users to
# /etc/nagios4/htdigest.users.
#
# A step up is to insist all users validate themselves by moving
# the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
# Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
# can configure which people get to see a particular service from
# within the nagios configuration.
#
<RequireAll>
#Require all granted
#AuthDigestDomain "/nagios4"
#AuthDigestProvider file
#AuthUserFile "/etc/nagios4/htdigest.users"
#AuthGroupFile "/etc/null"
#AuthName "Nagios4"
#AuthType Digest
#Require valid-user
Order allow,deny
Allow from all
</RequireAll>
</DirectoryMatch>
