With one QVS, yes that's possible. I'm not sure it would be stable with a single IIS though, I would have thought you'd need one for each authentication type (both can point at the same QVS). This is because for ticketing you'd normally set QvAjaxZfc to anonymous but not for the other authentication.
Thanks for the reply - I created a copy of that folder (I called it QvAjaxZfcBa) and edited all the files I could see relating to the broken application to reflect the different URL path. I created a new Application Pool and user in IIS for this new site and I do get prompted for a userid/password.
The really strange thing that happens is once the access point is displayed and I see the documents to chose from, if I mouse over the document, it shows the URL for the document and the URL includes the QvAjaxZfcBa as I would expect. However, when I click on the document to open it, OK the popups described in the original post, the URL that then remains in the browser is incorrect in that the Ba is missing from the end QvAjaxZfc. It is almost like I missed editing a file our changing a setting somewhere, and can't figure out where.