1 .\" **************************************************************************
3 .\" * Project ___| | | | _ \| |
4 .\" * / __| | | | |_) | |
5 .\" * | (__| |_| | _ <| |___
6 .\" * \___|\___/|_| \_\_____|
8 .\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
10 .\" * This software is licensed as described in the file COPYING, which
11 .\" * you should have received as part of this distribution. The terms
12 .\" * are also available at http://curl.haxx.se/docs/copyright.html.
14 .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 .\" * copies of the Software, and permit persons to whom the Software is
16 .\" * furnished to do so, under the terms of the COPYING file.
18 .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 .\" * KIND, either express or implied.
21 .\" **************************************************************************
23 .TH CURLOPT_HTTPAUTH 3 "2 Aug 2014" "libcurl 7.38.0" "curl_easy_setopt options"
25 CURLOPT_HTTPAUTH \- set HTTP server authentication methods to try
28 #include <curl/curl.h>
30 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPAUTH, long bitmask);
32 Pass a long as parameter, which is set to a bitmask, to tell libcurl which
33 authentication method(s) you want it to use speaking to the remote server.
35 The available bits are listed below. If more than one bit is set, libcurl will
36 first query the site to see which authentication methods it supports and then
37 pick the best one you allow it to use. For some methods, this will induce an
38 extra network round-trip. Set the actual name and password with the
39 \fICURLOPT_USERPWD(3)\fP option or with the \fICURLOPT_USERNAME(3)\fP and the
40 \fICURLOPT_PASSWORD(3)\fP options.
42 For authentication with a proxy, see \fICURLOPT_PROXYAUTH(3)\fP.
45 HTTP Basic authentication. This is the default choice, and the only method
46 that is in wide-spread use and supported virtually everywhere. This sends
47 the user name and password over the network in plain text, easily captured by
50 HTTP Digest authentication. Digest authentication is defined in RFC2617 and
51 is a more secure way to do authentication over public networks than the
52 regular old-fashioned Basic method.
53 .IP CURLAUTH_DIGEST_IE
54 HTTP Digest authentication with an IE flavor. Digest authentication is
55 defined in RFC2617 and is a more secure way to do authentication over public
56 networks than the regular old-fashioned Basic method. The IE flavor is simply
57 that libcurl will use a special "quirk" that IE is known to have used before
58 version 7 and that some servers require the client to use.
59 .IP CURLAUTH_NEGOTIATE
60 HTTP Negotiate (SPNEGO) authentication. Negotiate authentication is defined
61 in RFC 4559 and is the most secure way to perform authentication over HTTP.
63 You need to build libcurl with a suitable GSS-API library or SSPI on Windows
66 HTTP NTLM authentication. A proprietary protocol invented and used by
67 Microsoft. It uses a challenge-response and hash concept similar to Digest, to
68 prevent the password from being eavesdropped.
70 You need to build libcurl with either OpenSSL, GnuTLS or NSS support for this
71 option to work, or build libcurl on Windows with SSPI support.
73 NTLM delegating to winbind helper. Authentication is performed by a separate
74 binary application that is executed when needed. The name of the application
75 is specified at compile time but is typically /usr/bin/ntlm_auth
77 Note that libcurl will fork when necessary to run the winbind application and
78 kill it when complete, calling waitpid() to await its exit when done. On POSIX
79 operating systems, killing the process will cause a SIGCHLD signal to be
80 raised (regardless of whether \fICURLOPT_NOSIGNAL(3)\fP is set), which must be
81 handled intelligently by the application. In particular, the application must
82 not unconditionally call wait() in its SIGCHLD signal handler to avoid being
83 subject to a race condition. This behavior is subject to change in future
86 This is a convenience macro that sets all bits and thus makes libcurl pick any
87 it finds suitable. libcurl will automatically select the one it finds most
90 This is a convenience macro that sets all bits except Basic and thus makes
91 libcurl pick any it finds suitable. libcurl will automatically select the one
94 This is a meta symbol. OR this value together with a single specific auth
95 value to force libcurl to probe for un-restricted auth and if not, only that
96 single auth algorithm is acceptable.
104 Option Added in 7.10.6.
106 CURLAUTH_DIGEST_IE was added added in 7.19.3
108 CURLAUTH_ONLY was added in 7.21.3
110 CURLAUTH_NTLM_WB was added in 7.22.0
112 Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
113 CURLE_NOT_BUILT_IN if the bitmask specified no supported authentication
116 .BR CURLOPT_PROXYAUTH "(3), " CURLOPT_USERPWD "(3), "