diff --git a/lib/http.c b/lib/http.c
index 0ce575ba8c5f88fec0a7ba6aa47646a670fd5ba5..d4324400f6c77852c399f0eb072ca0068912cf4d 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -284,7 +284,7 @@ static bool pickoneauth(struct auth *pick)
 {
   bool picked;
   /* only deal with authentication we want */
-  long avail = pick->avail & pick->want;
+  unsigned long avail = pick->avail & pick->want;
   picked = TRUE;
 
   /* The order of these checks is highly relevant, as this will be the order
@@ -697,7 +697,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
    */
   struct SessionHandle *data = conn->data;
 
-  long *availp;
+  unsigned long *availp;
   const char *start;
   struct auth *authp;
 
diff --git a/lib/url.c b/lib/url.c
index a290e3cea2c93d0402a632db91fe9967185d064b..ac496bb8d4eb82bcc8410351f4b57be30a73601f 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1397,7 +1397,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
      * Set HTTP Authentication type BITMASK.
      */
   {
-    long auth = va_arg(param, long);
+    unsigned long auth = va_arg(param, unsigned long);
 
     /* the DIGEST_IE bit is only used to set a special marker, for all the
        rest we need to handle it as normal DIGEST */
@@ -1461,7 +1461,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
      * Set HTTP Authentication type BITMASK.
      */
   {
-    long auth = va_arg(param, long);
+    unsigned long auth = va_arg(param, unsigned long);
 
     /* the DIGEST_IE bit is only used to set a special marker, for all the
        rest we need to handle it as normal DIGEST */
diff --git a/lib/urldata.h b/lib/urldata.h
index b718ed8d274cba29cd563f7234ae3e570a01e9bf..20519cf2c18588f36980f3a2f5ea25c67a99dfc8 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -986,8 +986,8 @@ struct PureInfo {
                      thus made the document NOT get fetched */
   long header_size;  /* size of read header(s) in bytes */
   long request_size; /* the amount of bytes sent in the request(s) */
-  long proxyauthavail; /* what proxy auth types were announced */
-  long httpauthavail;  /* what host auth types were announced */
+  unsigned long proxyauthavail; /* what proxy auth types were announced */
+  unsigned long httpauthavail;  /* what host auth types were announced */
   long numconnects; /* how many new connection did libcurl created */
   char *contenttype; /* the content type of the object */
   char *wouldredirect; /* URL this would've been redirected to if asked to */
@@ -1089,11 +1089,11 @@ typedef enum {
 #define MAX_CURL_PASSWORD_LENGTH_TXT "255"
 
 struct auth {
-  long want;  /* Bitmask set to the authentication methods wanted by the app
-                 (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
-  long picked;
-  long avail; /* bitmask for what the server reports to support for this
-                 resource */
+  unsigned long want;  /* Bitmask set to the authentication methods wanted by
+                          app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
+  unsigned long picked;
+  unsigned long avail; /* Bitmask for what the server reports to support for
+                          this resource */
   bool done;  /* TRUE when the auth phase is done and ready to do the *actual*
                  request */
   bool multi; /* TRUE if this is not yet authenticated but within the auth
@@ -1361,8 +1361,8 @@ struct UserDefined {
   void *writeheader; /* write the header to this if non-NULL */
   void *rtp_out;     /* write RTP to this if non-NULL */
   long use_port;     /* which port to use (when not using default) */
-  long httpauth;     /* what kind of HTTP authentication to use (bitmask) */
-  long proxyauth;    /* what kind of proxy authentication to use (bitmask) */
+  unsigned long httpauth;  /* kind of HTTP authentication to use (bitmask) */
+  unsigned long proxyauth; /* kind of proxy authentication to use (bitmask) */
   long followlocation; /* as in HTTP Location: */
   long maxredirs;    /* maximum no. of http(s) redirects to follow, set to -1
                         for infinity */
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 614f8b9b043f01e3778a0464a60acb05e4eeaaa6..bef4822822ca96f622efc55f5598b6a25de7224d 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -37,7 +37,7 @@ struct Configurable {
   bool cookiesession;       /* new session? */
   bool encoding;            /* Accept-Encoding please */
   bool tr_encoding;         /* Transfer-Encoding please */
-  long authtype;            /* auth bitmask */
+  unsigned long authtype;   /* auth bitmask */
   bool use_resume;
   bool resume_from_current;
   bool disable_epsv;
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 8c544194a672dc28081e62e35e6c9328456a48c8..61b04d7882c724b7f6a41cc270068a22e27feacb 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -680,7 +680,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
           int authbits = 0;
           int bitcheck = 0;
           while(bitcheck < 32) {
-            if(config->authtype & (1 << bitcheck++)) {
+            if(config->authtype & (1UL << bitcheck++)) {
               authbits++;
               if(authbits > 1) {
                 /* more than one, we're done! */