diff --git a/docs/curl.1 b/docs/curl.1 index 30c18763a..ebacfa243 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -1627,6 +1627,19 @@ The user name and passwords are split up on the first colon, which makes it impossible to use a colon in the user name with this option. The password can, still. +When using Kerberos V5 with a Windows based server you should include the +Windows domain name in the user name, in order for the server to succesfully +obtain a Kerberos Ticket. If you don't then the initial authentication +handshake may fail. + +When using NTLM, the user name can be specified simply as the user name, +without the domain, if there is a single domain and forest in your setup +for example. + +To specify the domain name use either Down-Level Logon Name or UPN (User +Principal Name) formats. For example, EXAMPLE\user and user@example.com +respectively. + If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, Negotiate or NTLM authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this