
Precedence of auth entries in readers.conf for INN v2.3.4: msg#00088

network.inn

Subject: Precedence of auth entries in readers.conf for INN v2.3.4

My entries in readers.conf aren't behaving the way I thought they would
so obviously I'm confused about something. My intent is to set up a
default in which everyone authenticates against an LDAP directory using
an authprog that I put together. If the access is from a host on our
local intranet, authentication is not necessary. *Unless* I'm the one
doing the access in which case I want to be forced to authenticate so
that I am made aware of when the authentication process is having problems.

For some reason, the special constraint for me is not honored unless the
"intranet" block is commented out. That is, accesses from my host go
through unauthenticated under the "intranet" auth block even though I
have a specific auth block set up for my host. What have I done wrong
with setting up my auth blocks?

Thanks,
Bryan.

Here is the auth section of my readers.conf file:

# By default, everyone must authenticate

auth "default" {
hosts: "*"
auth: ldap
default-domain: "motorola.com"
}

# Unless they are accessing the server from a host on the Motorola
# Intranet which means they must be a Motorolan. That is, we implicitly
# trust that any host attached to the Intranet has already authenticated
# the user.

auth "intranet" {
hosts: "*.mot.com, *.motlabs.com, *.motorola.com"
res: ident
default: "<motorolan>"
default-domain: "motorola.com"
}

# Or it's me. I always authenticate so I can monitor this function.
auth "me" {
hosts: "artibeus.nsr.labs.mot.com"
auth: ldap
default-domain: "motorola.com"
}

# Or they are accessing from the local machine itself in which case this
# is probably an admin trying to test something or resolve an issue.

auth "localhost" {
hosts: "localhost, 127.0.0.1, stdin"
default: "<localhost>"
}


--
Bryan Thale
Networks & Infrastructure Research, Motorola Labs
mailto:bryan.thale@xxxxxxxxxxxx




