I would like to have a site where some content is public while some other is only visible for authenticated users. So authentication would be possible, but not required. I would like to know if this is possible.
Some background:
To tell the client authentication is available in the first place I need to send some headers. As I understand RFC 2617 the 'WWW-Authenticate' header field MUST always be part of a '401 (Unauthorized)' response.
Now some clients (e.g. wget) will stop trying when they get a 401 header (wget actually uses the term 'Authorization Required' rather than 'Unauthorized').
So is this a wget bug or is there no such thing as optional http basic auth?