diff --git a/src/box/authentication.cc b/src/box/authentication.cc
index b35669ad642c769f7efb85b028c668abba3a12c4..cb8414d1f7ed7ac641a4f327ed2bf14697156708 100644
--- a/src/box/authentication.cc
+++ b/src/box/authentication.cc
@@ -30,21 +30,35 @@
 #include "user_def.h"
 #include "session.h"
+static char zero_hash[SCRAMBLE_SIZE];
+
 void
 authenticate(const char *user_name, uint32_t len,
 const char *tuple, const char * /* tuple_end */)
 {
 struct user_def *user = user_cache_find_by_name(user_name, len);
 struct session *session = current_session();
- uint32_t part_count = mp_decode_array(&tuple);
+ uint32_t part_count;
+ uint32_t scramble_len;
+ const char *scramble;
+ /*
+ * Allow authenticating back to GUEST user without
+ * checking a password. This is useful for connection
+ * pooling.
+ */
+ if (user->uid == GUEST && memcmp(user->hash2, zero_hash, SCRAMBLE_SIZE)) {
+ /* No password is set for GUEST, OK. */
+ goto ok;
+ }
+
+ part_count = mp_decode_array(&tuple);
 if (part_count < 2) {
 /* Expected at least: authentication mechanism and data. */
 tnt_raise(ClientError, ER_INVALID_MSGPACK,
 "authentication request body");
 }
 mp_next(&tuple); /* Skip authentication mechanism. */
- uint32_t scramble_len;
- const char *scramble = mp_decode_str(&tuple, &scramble_len);
+ scramble = mp_decode_str(&tuple, &scramble_len);
 if (scramble_len != SCRAMBLE_SIZE) {
 /* Authentication mechanism, data. */
 tnt_raise(ClientError, ER_INVALID_MSGPACK,
@@ -54,6 +68,7 @@ authenticate(const char *user_name, uint32_t len,
 if (scramble_check(scramble, session->salt, user->hash2))
 tnt_raise(ClientError, ER_PASSWORD_MISMATCH, user->name);
+ok:
 current_user_init(&session->user, user);
 }
diff --git a/src/box/user_cache.h b/src/box/user_cache.h
index d3da115278ce7b9998f10ea751955358b9225c69..ab7757b825ed2c9cffbae763747a0ab8266c6133 100644
--- a/src/box/user_cache.h
+++ b/src/box/user_cache.h
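Review bot: The new guard in the first authentication.cc hunk, `user->uid == GUEST && memcmp(user->hash2, zero_hash, SCRAMBLE_SIZE)`, is true when hash2 differs from zero_hash, because memcmp() returns non-zero on a mismatch. That contradicts the comment inside the branch ("No password is set for GUEST, OK."): assuming an all-zero hash2 is how an unset password is stored, a GUEST account that does have a password reaches `goto ok` without scramble_check(), while one without a password still has to pass it. The condition should read `memcmp(user->hash2, zero_hash, SCRAMBLE_SIZE) == 0`. A regression test that sets a GUEST password and then authenticates with a wrong scramble would pin the intended behaviour. The branch also runs before the request body is decoded, so any body is accepted on this path; the `ok:` label it jumps to is added in the second hunk.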
@@ -37,7 +37,7 @@ struct user_def;
 * in session->auth_token. This way it's easy to quickly find
 * the current user of the session.
 * An auth token, instead of a direct pointer, is stored in the
- * session because it make dropping of a signed in user safe.
+ * session because it makes dropping of a signed in user safe.
 * The same auth token (index in an array)
 * is also used to find out user privileges when accessing stored
 * objects, such as spaces and functions.