diff --git a/ChangeLog b/ChangeLog
index 59cfb14794..93bc95dcd4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Sat Feb 12 17:29:19 2005  Tanaka Akira  <akr@m17n.org>
+
+	* lib/open-uri.rb (OpenURI.open_loop): send authentication only for
+	  the URI directly specified.
+
 Sat Feb 12 15:07:23 2005  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* random.c (rand_init): suppress warning.
diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index b78da5461b..83bb756bb1 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -176,6 +176,11 @@ module OpenURI
         unless OpenURI.redirectable?(uri, redirect)
           raise "redirection forbidden: #{uri} -> #{redirect}"
         end
+        if options.include? :http_basic_authentication
+          # send authentication only for the URI directly specified.
+          options = options.dup
+          options.delete :http_basic_authentication
+        end
         uri = redirect
         raise "HTTP redirection loop: #{uri}" if uri_set.include? uri.to_s
         uri_set[uri.to_s] = true
@@ -201,7 +206,8 @@ module OpenURI
       raise "Non-HTTP proxy URI: #{proxy}" if proxy.class != URI::HTTP
     end
 
-    if target.userinfo
+    if target.userinfo && "1.9.0" <= RUBY_VERSION
+      # don't raise for 1.8 because compatibility.
       raise "userinfo not supported.  [RFC3986]"
     end