When using Kerberos V5 authentication with a Windows based server, you should specify the user name part with the domain name in order for the server to successfully obtain a Kerberos Ticket. If you don't then the initial part of the authentication handshake may fail.
When using NTLM, the user name can be specified simply as the user name without the domain name should the server be part of a single domain and forest.
To specify the domain name use either Down-Level Logon Name or UPN (User Principal Name) formats. For example, EXAMPLE\user and firstname.lastname@example.org respectively.
Some HTTP servers (on Windows) support inclusion of the domain for Basic authentication as well.
When using HTTP and
#CURLOPT_FOLLOWLOCATION, libcurl might perform
several requests to possibly different hosts. libcurl will only send this user
and password information to hosts using the initial host name (unless
#CURLOPT_UNRESTRICTED_AUTH is set), so if libcurl follows locations to
other hosts it will not send the user and password to those. This is enforced
to prevent accidental information leakage.
#CURLOPT_HTTPAUTH to specify the authentication method for HTTP
based connections or
#CURLOPT_LOGIN_OPTIONS to control IMAP, POP3 and
The user and password strings are not URL decoded, so there's no way to send
in a user name containing a colon using this option. Use
#CURLOPT_USERNAME for that, or include it in the URL.