Index: branches/2.5-fixes/src/include/batch_request.h
===================================================================
--- branches/2.5-fixes/src/include/batch_request.h	(revision 5100)
+++ branches/2.5-fixes/src/include/batch_request.h	(revision 5101)
@@ -404,7 +404,7 @@
 
 #ifndef PBS_MOM
 extern void  req_authenuser (struct batch_request *req);
-extern void  req_altauthenuser (struct batch_request *req);
+extern int   req_altauthenuser (struct batch_request *req);
 extern void  req_connect (struct batch_request *req);
 extern void  req_locatejob (struct batch_request *req);
 extern void  req_manager (struct batch_request *req);
Index: branches/2.5-fixes/src/server/req_getcred.c
===================================================================
--- branches/2.5-fixes/src/server/req_getcred.c	(revision 5100)
+++ branches/2.5-fixes/src/server/req_getcred.c	(revision 5101)
@@ -436,7 +436,7 @@
  * utility 
  * 
 */
-void req_altauthenuser(
+int req_altauthenuser(
 
   struct batch_request *preq)  /* I */
 
@@ -462,7 +462,7 @@
   if(s >= PBS_NET_MAX_CONNECTIONS)
 	{
 	req_reject(PBSE_BADCRED, 0, preq, NULL, "cannot authenticate user");
-	return;
+	return (PBSE_BADCRED);
 	}
 
 
@@ -470,7 +470,8 @@
   if(rc)
 	{
 	/* FAILED */
-	return;
+	req_reject(PBSE_SYSTEM, 0, preq, NULL, "munge failure");
+	return (PBSE_SYSTEM);
 	}
 
   /* SUCCESS */
@@ -482,7 +483,7 @@
   svr_conn[s].cn_authen = PBS_NET_CONN_AUTHENTICATED;
 
   reply_ack(preq);
-  return;
+  return (PBSE_NONE);
 
   }  /* END req_altauthenuser() */
 
Index: branches/2.5-fixes/src/server/process_request.c
===================================================================
--- branches/2.5-fixes/src/server/process_request.c	(revision 5100)
+++ branches/2.5-fixes/src/server/process_request.c	(revision 5101)
@@ -541,10 +541,21 @@
       rc = 0;  /* bypass the authentication of the user--trust the client completely */
     else if(munge_on)
       {
-      /* If munge_on is true we will validate the connection later */
-      conn_credent[sfds].timestamp = time_now;
-      svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
-      rc = 0;
+      /* If munge_on is true we will validate the connection now */
+      if ( request->rq_type == PBS_BATCH_AltAuthenUser)
+        {
+        rc = req_altauthenuser(request);
+        if (rc == PBSE_NONE)
+          {
+          conn_credent[sfds].timestamp = time_now;
+          svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
+          }
+        return;
+        }
+      else
+        {
+        rc = authenticate_user(request, &conn_credent[sfds]);
+        }
       }
     else if (svr_conn[sfds].cn_authen != PBS_NET_CONN_AUTHENTICATED)
       rc = PBSE_BADCRED;
@@ -1021,9 +1032,6 @@
       break;
 
     case PBS_BATCH_AltAuthenUser:
-      /* Use given authentication method to determine
-         if user is valid */
-       req_altauthenuser(request); 
 
       break;