I want to disable basic authentication and ran across this thread: How to make CQ5 working with enabled basic http authentication dispatcher . I didn't get any hits, maybe because the thread was so old, so I'll post here as a new topic.
I know this will break replication, but I'm just curious on how to do it. It appears that I can set HTTP Basic Authentication on http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuth enticator to Disabled, but that doesn't seem to work on several AEM 6.2 instances I have tested on. Replication is still working and I can pass the basic authentication headers to the admin UI and it logs me in.
Instead of disabling basic auth on publish, just don't include Authorization header in the /clientheaders config of the dispatcher configuration. That effectively prevents basic auth from the outside world.