The other authentication mechanisms would raise a 401 in case of invalid credentials.
For example, this capabilities request is open, an anonymous can ask for it, but if passing invalid basic auth credentials, it results in a 401:
(remove the ``-u pippoaperino`` to get a valid response instead).
The authkey should behave the same, in case an attempt to login via authkey is detecting and the credentials are not valid, then a request to present valid credentials (401) should be returned, instead of falling back on the auth chain and eventually allow to proceed like anonymous.
For extra upgrade safety, a system variable might be rolled to restore the existing behavior, in case anyone is actually depending on it.