Index: src/auth/ntlm/auth_ntlm.c
===================================================================
RCS file: /cvsroot/squid/squid/src/auth/ntlm/auth_ntlm.c,v
retrieving revision 1.40
diff -u -p -r1.40 auth_ntlm.c
--- src/auth/ntlm/auth_ntlm.c	4 Jul 2007 00:18:45 -0000	1.40
+++ src/auth/ntlm/auth_ntlm.c	9 Aug 2007 22:49:44 -0000
@@ -661,12 +661,6 @@ authenticateNTLMAuthenticateUser(auth_us
 	debug(29, 1) ("authenticateNTLMAuthenticateUser: attempt to perform authentication without a connection!\n");
 	return;
     }
-    if (!request->flags.proxy_keepalive) {
-	debug(29, 2) ("authenticateNTLMAuthenticateUser: attempt to perform authentication without a persistent connection!\n");
-	ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
-	request->flags.must_keepalive = 1;
-	return;
-    }
     if (ntlm_request->waiting) {
 	debug(29, 1) ("authenticateNTLMAuthenticateUser: waiting for helper reply!\n");
 	return;
@@ -708,6 +702,12 @@ authenticateNTLMAuthenticateUser(auth_us
 	/* we should have recieved a blob from the clien. pass it to the same 
 	 * helper process */
 	debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state challenge with header %s.\n", proxy_auth);
+	if (!request->flags.proxy_keepalive) {
+	    debug(29, 2) ("authenticateNTLMAuthenticateUser: attempt to perform ntlm authentication without a persistent connection!\n");
+	    ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
+	    request->flags.must_keepalive = 1;
+	    return;
+	}
 	/* do a cache lookup here. If it matches it's a successful ntlm 
 	 * challenge - release the helper and use the existing auth_user 
 	 * details. */