In the case of a failed authentication initialization, the
authentication setup was simply continued with an unset $auth object.
This restores the previous behavior (before merging #141) of simply
returning after unsetting $auth. Furthermore this re-introduces the
check if $auth is set before checking $auth and removes a useless
check if $auth is true (could never be false).