Hmmm - also curious why this is happening. 

We are only requiring AUTH for REQs targeting kind 4 or without a kind and only one successful auth per connection.