Thanks for your quick response Michael. I have to confess I'm definitely not an expert in RFC 7617. That said, yum also uses Basic Auth, and I don't see 401s when I access the same target repo: 4.14.116.3 - user1 [26/Jun/2020:16:43:41 +0000] "GET /xxx/repodata/repomd.xml HTTP/1.1" 200 12493 "-" "urlgrabber/3.10 yum/3.4.3" 4.14.116.2 - user1 [26/Jun/2020:16:43:42 +0000] "GET /xxx/repodata/ad93e388b84d9452b90117b115bf2d045b7494a297d8d54fb4a77eb23f5096a1-primary.xml.gz HTTP/1.1" 200 973642 "-" "urlgrabber/3.10 yum/3.4.3" 4.14.116.3 - user1 [26/Jun/2020:16:47:02 +0000] "GET /xxx/repodata/e33af8f46be5e0db7679cfdf4c06198869626e9a14ec912142b3542ae1f3c897-filelists.xml.gz HTTP/1.1" 200 322113 "-" "urlgrabber/3.10 yum/3.4.3" 4.14.116.3 - user1 [26/Jun/2020:16:50:35 +0000] "GET /xxx/noarch/susefirewall2-to-firewalld-0.0.4-3.6.1.noarch.rpm HTTP/1.1" 200 32664 "-" "urlgrabber/3.10 yum/3.4.3" 4.14.116.2 - user1 [26/Jun/2020:16:51:22 +0000] "GET /xxx/repodata/repomd.xml HTTP/1.1" 200 12493 "-" "urlgrabber/3.10 yum/3.4.3" Does it look like we have two different interpretations of the standard? (Or maybe the same interpretation, but two different implementations?) (I can try to capture headers too if that would help.) Thanks.