The reason the the password is prompted is because, on 401 authentication failure, there is a retry logic by default. When the authentication is retried, it is prompted for username:password using getpass. When using GUI modules it is desired to override the prompt_user_passwd for prompting via GUI.

The way to 'resolve' this issue it seems to me is have a switch retry=False in http_error_401 and http_error_407 methods, which will not prompt the user but instead will throw the Exception and the HTTP Error value. 

retry=True will prompt the user in the cmdline or in GUI (if it is overridden).

- This is adding an extra flag in the function, so I am not sure py2.7 is the right candidate. But the same functions are present in py3k trunk, we can patch it in there. 

I am setting the priority to low and attaching the patch too. I see the bug was reported way back in 2005 and it has not been a serious concern for anyone so far. My take is to patch it in py3k and close the issue.

- Also, anyone using urllib should just migrate to use urllib2 facilities. This piece of code is present for supporting the legacy apps only.

- And the most important of all, username:password@url.tld is deprecated, it should not be used at all.