diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index e68053503..18c6dbb46 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -88,7 +88,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
   (void) userp;
   (void) passwdp;
 
-  if(krb5->context == GSS_C_NO_CONTEXT) {
+  if(!krb5->spn) {
     /* Generate our SPN */
     char *spn = Curl_auth_build_gssapi_spn(service, host);
     if(!spn)
@@ -112,7 +112,8 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 
     free(spn);
   }
-  else {
+
+  if(krb5->context != GSS_C_NO_CONTEXT) {
     /* Decode the base-64 encoded challenge message */
     if(strlen(chlg64) && *chlg64 != '=') {
       result = Curl_base64_decode(chlg64, &chlg, &chlglen);
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 6afd83dde..da08f8f03 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -85,6 +85,13 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
   unsigned long attrs;
   TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
 
+  if(!krb5->spn) {
+    /* Generate our SPN */
+    krb5->spn = Curl_auth_build_spn(service, host);
+    if(!krb5->spn)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
   if(!krb5->credentials) {
     /* Query the security package for Kerberos */
     status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
@@ -104,11 +111,6 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
     if(!krb5->output_token)
       return CURLE_OUT_OF_MEMORY;
 
-    /* Generate our SPN */
-    krb5->spn = Curl_auth_build_spn(service, host);
-    if(!krb5->spn)
-      return CURLE_OUT_OF_MEMORY;
-
     if(userp && *userp) {
       /* Populate our identity structure */
       result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);