diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index c1bc929ca..c7c5c9eed 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -92,8 +92,6 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn,
                          char *header) /* rest of the www-authenticate:
                                           header */
 {
-  struct SessionHandle *data=conn->data;
-
   /* skip initial whitespaces */
   while(*header && isspace((int)*header))
     header++;
@@ -122,20 +120,20 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn,
 
       int size = Curl_base64_decode(header, buffer);
 
-      data->state.ntlm.state = NTLMSTATE_TYPE2; /* we got a type-2 */
+      conn->ntlm.state = NTLMSTATE_TYPE2; /* we got a type-2 */
 
       if(size >= 48)
         /* the nonce of interest is index [24 .. 31], 8 bytes */
-        memcpy(data->state.ntlm.nonce, &buffer[24], 8);
+        memcpy(conn->ntlm.nonce, &buffer[24], 8);
 
       /* at index decimal 20, there's a 32bit NTLM flag field */
 
     }
     else {
-      if(data->state.ntlm.state >= NTLMSTATE_TYPE1)
+      if(conn->ntlm.state >= NTLMSTATE_TYPE1)
         return CURLNTLM_BAD;
 
-      data->state.ntlm.state = NTLMSTATE_TYPE1; /* we should sent away a
+      conn->ntlm.state = NTLMSTATE_TYPE1; /* we should sent away a
                                                   type-1 */
     }
   }
@@ -284,7 +282,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn)
   char *base64=NULL;
 
   unsigned char ntlm[256]; /* enough, unless the host/domain is very long */
-  switch(data->state.ntlm.state) {
+  switch(conn->ntlm.state) {
   case NTLMSTATE_TYPE1:
   default: /* for the weird cases we (re)start here */
     hostoff = 32;
@@ -392,7 +390,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn)
       user = data->state.user;
     userlen = strlen(user);
 
-    mkhash(data->state.passwd, &data->state.ntlm.nonce[0], lmresp
+    mkhash(data->state.passwd, &conn->ntlm.nonce[0], lmresp
 #ifdef USE_NTRESPONSES
            , ntresp
 #endif
@@ -519,7 +517,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn)
     else
       return CURLE_OUT_OF_MEMORY; /* FIX TODO */
 
-    data->state.ntlm.state = NTLMSTATE_TYPE3; /* we sent a type-3 */
+    conn->ntlm.state = NTLMSTATE_TYPE3; /* we sent a type-3 */
     
   }
   break;
diff --git a/lib/urldata.h b/lib/urldata.h
index dab214ce3..04f999f03 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -528,6 +528,9 @@ struct connectdata {
   curl_read_callback fread; /* function that reads the input */
   void *fread_in;           /* pointer to pass to the fread() above */
 
+  struct ntlmdata ntlm;     /* NTLM differs from other authentication schemes
+                               because it authenticates connections, not
+                               single requests! */
 };
 
 /* The end of connectdata. */
@@ -658,7 +661,6 @@ struct UrlState {
                       is always set TRUE when curl_easy_perform() is called. */
 
   struct digestdata digest;
-  struct ntlmdata ntlm;
 
 #ifdef GSSAPI
   struct negotiatedata negotiate;