Put in a minor safety net to trap uninitialized auth variables.
This will keep things working with sane defaults in case an admin upgrades from a version of squirrelmail without the fancy auth code, but didn't bother to run conf.pl.