--- curl-7.13.1/lib/http.c.pom	2005-02-19 00:53:07.000000000 +0100
+++ curl-7.13.1/lib/http.c	2005-04-27 11:48:40.000000000 +0200
@@ -455,6 +455,7 @@
   /* To prevent the user+password to get sent to other than the original
      host due to a location-follow, we do some weirdo checks here */
   if(!data->state.this_is_a_follow ||
+     conn->bits.netrc || 
      !data->state.first_host ||
      curl_strequal(data->state.first_host, conn->host.name) ||
      data->set.http_disable_hostname_check_before_authentication) {
--- curl-7.13.1/lib/url.c.pom	2005-02-09 23:47:57.000000000 +0100
+++ curl-7.13.1/lib/url.c	2005-04-27 11:45:59.000000000 +0200
@@ -3131,15 +3131,23 @@
            user, passwd);
   }
 
+  conn->bits.netrc = FALSE;
   if (data->set.use_netrc != CURL_NETRC_IGNORED) {
     if(Curl_parsenetrc(conn->host.name,
                        user, passwd,
                        data->set.netrc_file)) {
-      infof(data, "Couldn't find host %s in the " DOT_CHAR "netrc file, using defaults\n",
+      infof(data, "Couldn't find host %s in the " DOT_CHAR
+            "netrc file, using defaults\n",
             conn->host.name);
     }
-    else
+    else {
+      /* set bits.netrc TRUE to remember that we got the name from a .netrc
+         file, so that it is safe to use even if we followed a Location: to a
+         different host or similar. */
+      conn->bits.netrc = TRUE;
+
       conn->bits.user_passwd = 1; /* enable user+password */
+    }
   }
 
   /* If our protocol needs a password and we have none, use the defaults */
--- curl-7.13.1/lib/urldata.h.pom	2005-02-09 14:06:56.000000000 +0100
+++ curl-7.13.1/lib/urldata.h	2005-04-27 11:50:31.000000000 +0200
@@ -388,6 +388,7 @@
   bool ftp_use_lprt;  /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
                          LPRT doesn't work we disable it for the forthcoming
                          requests */
+  bool netrc;         /* name+password provided by netrc */
 };
 
 struct hostname {