--- a/src/auth/auth-request.c	Sat Oct 27 18:25:44 2007 +0300
+++ b/src/auth/auth-request.c	Sat Oct 27 18:31:05 2007 +0300
@@ -768,17 +768,6 @@
 {
 	const char *p, *login_username = NULL;
 
-	if (request->original_username == NULL) {
-		/* the username may change later, but we need to use this
-		   username when verifying at least DIGEST-MD5 password */
-		request->original_username = p_strdup(request->pool, username);
-	}
-	if (request->cert_username) {
-		/* cert_username overrides the username given by
-		   authentication mechanism. */
-		return TRUE;
-	}
-
 	if (request->auth->master_user_separator != '\0' &&
 	    !request->userdb_lookup) {
 		/* check if the username contains a master user */
@@ -792,6 +781,17 @@
 		}
 	}
 
+	if (request->original_username == NULL) {
+		/* the username may change later, but we need to use this
+		   username when verifying at least DIGEST-MD5 password. */
+		request->original_username = p_strdup(request->pool, username);
+	}
+	if (request->cert_username) {
+		/* cert_username overrides the username given by
+		   authentication mechanism. */
+		return TRUE;
+	}
+
 	if (*username == '\0') {
 		/* Some PAM plugins go nuts with empty usernames */
 		*error_r = "Empty username";