diff --git a/mercurial/util.py b/mercurial/util.py
--- a/mercurial/util.py
+++ b/mercurial/util.py
@@ -1565,7 +1565,9 @@ class url(object):
             self.user, self.passwd = user, passwd
         if not self.user:
             return (s, None)
-        return (s, (None, (str(self), self.host),
+        # authinfo[1] is passed to urllib2 password manager, and its URIs
+        # must not contain credentials.
+        return (s, (None, (s, self.host),
                     self.user, self.passwd or ''))
 
     def isabs(self):
diff --git a/tests/test-hgweb-auth.py b/tests/test-hgweb-auth.py
--- a/tests/test-hgweb-auth.py
+++ b/tests/test-hgweb-auth.py
@@ -1,4 +1,5 @@
 from mercurial import demandimport; demandimport.enable()
+import urllib2
 from mercurial import ui, util
 from mercurial import url
 from mercurial.error import Abort
@@ -95,3 +96,12 @@ test({'x.prefix': 'http://example.org/fo
       'y.username': 'y',
       'y.password': 'ypassword'},
      urls=['http://y@example.org/foo/bar'])
+
+def testauthinfo(fullurl, authurl):
+    print 'URIs:', fullurl, authurl
+    pm = urllib2.HTTPPasswordMgrWithDefaultRealm()
+    pm.add_password(*util.url(fullurl).authinfo()[1])
+    print pm.find_user_password('test', authurl)
+
+print '\n*** Test urllib2 and util.url\n'
+testauthinfo('http://user@example.com:8080/foo', 'http://example.com:8080/foo')
diff --git a/tests/test-hgweb-auth.py.out b/tests/test-hgweb-auth.py.out
--- a/tests/test-hgweb-auth.py.out
+++ b/tests/test-hgweb-auth.py.out
@@ -189,3 +189,8 @@ URI: http://y@example.org/foo
 CFG: {x.password: xpassword, x.prefix: http://example.org/foo/bar, x.username: None, y.password: ypassword, y.prefix: http://example.org/foo, y.username: y}
 URI: http://y@example.org/foo/bar
      ('y', 'xpassword')
+
+*** Test urllib2 and util.url
+
+URIs: http://user@example.com:8080/foo http://example.com:8080/foo
+('user', '')