We’re using v12.3.0. The application is deployed as ROOT  and our virtual host setup is as follows:
hst:hosts - localhost - hst:root - web - travel <-- hst:mountpoint here
This has been working well so far, but I now have a requirement to protect some site pages, so I confirmed the Delivery Tier Authentication Configuration  default login configuration (it was already set up as documented) and set up http login. When however trying to access http://localhost:8080/web/travel/login/form I get a “Page not found” error.
I have tried various variations of that URL, without success. What would the correct URL be in my instance?
I have followed the exact process on a vanilla installation, using /site, and then it works as expected and I see the default login page.
I also notice that when I protect a sitemap item  with hst:authenticated, going to that page in the browser momentarily shows the “Auhentication required” screen, then forwards to http://localhost:8080/login/form without the context path. That also returns a “Page not found” error page.
What am I missing?