diff -up cups-1.5.2/backend/ipp.c.str3985 cups-1.5.2/backend/ipp.c
--- cups-1.5.2/backend/ipp.c.str3985	2012-04-05 10:28:12.568898781 +0200
+++ cups-1.5.2/backend/ipp.c	2012-04-05 10:32:07.165612536 +0200
@@ -957,9 +957,13 @@ main(int  argc,				/* I - Number of comm
       }
       else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
       {
-	if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
-		     "Negotiate", 9))
+        const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+        				/* WWW-Authenticate field value */
+
+	if (!strncmp(www_auth, "Negotiate", 9))
 	  auth_info_required = "negotiate";
+        else if (www_auth[0])
+          auth_info_required = "username,password";
 
 	fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
 	return (CUPS_BACKEND_AUTH_REQUIRED);
@@ -1315,23 +1319,13 @@ main(int  argc,				/* I - Number of comm
     else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
 	     ipp_status == IPP_AUTHENTICATION_CANCELED)
     {
-     /*
-      * Update auth-info-required as needed...
-      */
-
-      fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
-	      httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
-
-     /*
-      * Normal authentication goes through the password callback, which sets
-      * auth_info_required to "username,password".  Kerberos goes directly
-      * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
-      * here and set auth_info_required as needed...
-      */
+      const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+					/* WWW-Authenticate field value */
 
-      if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
-		   "Negotiate", 9))
+      if (!strncmp(www_auth, "Negotiate", 9))
 	auth_info_required = "negotiate";
+      else if (www_auth[0])
+	auth_info_required = "username,password";
 
       goto cleanup;
     }
@@ -1486,19 +1480,13 @@ main(int  argc,				/* I - Number of comm
 
 	if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
 	{
-	  fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
-		  httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
-
-         /*
-	  * Normal authentication goes through the password callback, which sets
-	  * auth_info_required to "username,password".  Kerberos goes directly
-	  * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
-	  * here and set auth_info_required as needed...
-	  */
-
-	  if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
-		       "Negotiate", 9))
+	  const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+					/* WWW-Authenticate field value */
+  
+	  if (!strncmp(www_auth, "Negotiate", 9))
 	    auth_info_required = "negotiate";
+	  else if (www_auth[0])
+	    auth_info_required = "username,password";
 	}
 	else
 	  sleep(10);