Actually, that's a feature, not a bug. It is not appropriate (nor secure) for any web-authenticating tool to assume that the appropriate authentication mechanism to use is "HTTP Basic", which always sends barely-obfuscated, cleartext passwords. Previous behavior doing so was in violation of relevant RFCs. The current expected behavior is that it should not send Authorization header until the server gives back a "401 Unauthorized" response, and indicates the best authentication mechanism to use.
However, some servers fail to provide that response, particularly if they offer form-authentication as a viable alternative for authentication. You can force wget to send basic authorization immediately (just like its old behavior) by specifying --auth-no- challenge. (As an aside: the --post-file and --post-data options do not affect request headers in any way; they affect the request body and method only.) ** Changed in: wget (Ubuntu) Status: Confirmed => Invalid -- --http-user and --http-password ignored https://bugs.launchpad.net/bugs/352372 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs