I did this
The command curl -u user: http://localhost sends an Authorization: Basic ... header to the server. The command curl -u user: --anyauth http://localhost does not, because it first expects to get a 401 code to begin negotiation of the auth method. I would expect the command curl -u user: --anyauth --no-anyauth http://localhost, which adds the --no-anyauth parameter, to undo the --anyauth and cause this command to operate like the first one (and send an Authorization: header), but it does not. It operates exactly the same as the previous command. Setting --basic, which the documentation says is the default behaviour, instead of --no-anyauth, also does nothing to restore the default behaviour.
I expected the following
I would expect --anyauth --no-anyauth and --anyauth --basic to each operate as a no-op, but it appears that once --anyauth is given auth negotiation cannot be disabled. Either curl should undo --anyauth and restore the default behaviour with one of these options, or, failing that, it should return an option is unknown error for --no-anyauth if it actually does nothing. The latter would be unfortunate, because it means if --anyauth is included in a .curlrc file it cannot be disabled.
The documentation for the various auth options is inconsistent. --basic says
This method is the default and this option is usually pointless, unless
you use it to override a previously set option that sets a
different authentication method (such as --ntlm, --digest, or
--negotiate).
which implies it should do what I want and override --anyauth (although, admittedly, it doesn't mention --anyauth by name). The documentation for --digest is different
This option is mutually exclusive with --basic, --ntlm and
--negotiate.
which implies that it's illegal to try to set more than one (curl doesn't stop you from doing it, though).
The --no-X options do appear to do something, though. Using --anyauth --no-digest against a site that is configured to allow Digest auth only, for example, causes curl to not negotiate it and give up after the first request.
curl/libcurl version
curl 8.14.1-DEV
operating system
Linux x86_64
I did this
The command
curl -u user: http://localhostsends anAuthorization: Basic ...header to the server. The commandcurl -u user: --anyauth http://localhostdoes not, because it first expects to get a 401 code to begin negotiation of the auth method. I would expect the commandcurl -u user: --anyauth --no-anyauth http://localhost, which adds the--no-anyauthparameter, to undo the--anyauthand cause this command to operate like the first one (and send anAuthorization:header), but it does not. It operates exactly the same as the previous command. Setting--basic, which the documentation says is the default behaviour, instead of--no-anyauth, also does nothing to restore the default behaviour.I expected the following
I would expect
--anyauth --no-anyauthand--anyauth --basicto each operate as a no-op, but it appears that once--anyauthis given auth negotiation cannot be disabled. Either curl should undo--anyauthand restore the default behaviour with one of these options, or, failing that, it should return anoption is unknownerror for--no-anyauthif it actually does nothing. The latter would be unfortunate, because it means if--anyauthis included in a .curlrc file it cannot be disabled.The documentation for the various auth options is inconsistent.
--basicsayswhich implies it should do what I want and override
--anyauth(although, admittedly, it doesn't mention--anyauthby name). The documentation for--digestis differentwhich implies that it's illegal to try to set more than one (curl doesn't stop you from doing it, though).
The
--no-Xoptions do appear to do something, though. Using--anyauth --no-digestagainst a site that is configured to allow Digest auth only, for example, causes curl to not negotiate it and give up after the first request.curl/libcurl version
curl 8.14.1-DEV
operating system
Linux x86_64