There is a lot of misinformation going on in this thread. Looking at the source of LWP::UserAgent, I see the following code:
sub request {
...
{
my $proxy = ($code == &HTTP::Status::RC_PROXY_AUTHENTICATION_REQUI
+RED);
my $ch_header = $proxy || $request->method eq 'CONNECT'
? "Proxy-Authenticate" : "WWW-Authenticate";
my @challenge = $response->header($ch_header);
unless (@challenge) {
$response->header("Client-Warning" =>
"Missing Authenticate header");
return $response;
}
require HTTP::Headers::Util;
CHALLENGE: for my $challenge (@challenge) {
$challenge =~ tr/,/;/; # "," is used to separate auth-params!
+!
($challenge) = HTTP::Headers::Util::split_header_words($challe
+nge);
my $scheme = shift(@$challenge);
shift(@$challenge); # no value
$challenge = { @$challenge }; # make rest into a hash
unless ($scheme =~ /^([a-z]+(?:-[a-z]+)*)$/) {
$response->header("Client-Warning" =>
"Bad authentication scheme '$scheme'");
return $response;
}
$scheme = $1; # untainted now
my $class = "LWP::Authen::\u$scheme";
$class =~ s/-/_/g;
no strict 'refs';
unless (%{"$class\::"}) {
# try to load it
eval "require $class";
if ($@) {
if ($@ =~ /^Can\'t locate/) {
$response->header("Client-Warning" =>
"Unsupported authentication scheme '$scheme'");
}
else {
$response->header("Client-Warning" => $@);
}
next CHALLENGE;
}
}
...
So, HTTP::Request will attempt to load a module LWP::Authen::$scheme when the server responds with a WWW-Authenticate header, which it does if your credentials are wrong.
Contrary to your expectation, it doesn't seem to respond with WWW-Authenticate: Basic but with WWW-Authenticate: Session, which makes LWP::UserAgent fail with the above error message. Maybe consider looking at what actually goes over the wire, what the actual response of the server is in your case, and maybe then decide to either fake LWP::Authen::Session as identical to LWP::Authen::Basic or to implement it yourself or to raise a bug against LWP::UserAgent.