Sure, I didn't mean to imply that 404 and 401 errors are the same issue. Only that if we somehow "converted" a 404 into a 401, things had a chance of working more smoothly.
Back to the issue, now that you also enabled the authentication for GET (and HEAD) do things work as "advertised" with authentication enabled? That is, a plain HEAD is responded to with 401, and a subsequent PUT comes with proper credentials and succeeds?
I need to look at the authentication disabled workflow again.