curl/docs/cmdline-opts/user.md

---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: user
Short: u
Arg: <user:password>
Help: Server user and password
Category: important auth
Added: 4.0
Multi: single
See-also:
  - netrc
  - config
Example:
  - -u user:secret $URL
---

# `--user`

Specify the username and password to use for server authentication. Overrides
--netrc and --netrc-optional.

If you simply specify the username, curl prompts for a password.

The username and passwords are split up on the first colon, which makes it
impossible to use a colon in the username with this option. The password can,
still.

On systems where it works, curl hides the given option argument from process
listings. This is not enough to protect credentials from possibly getting seen
by other users on the same system as they still are visible for a moment
before cleared. Such sensitive data should be retrieved from a file instead or
similar and never used in clear text in a command line.

When using Kerberos V5 with a Windows based server you should include the
Windows domain name in the username, in order for the server to successfully
obtain a Kerberos Ticket. If you do not, then the initial authentication
handshake may fail.

When using NTLM, the username can be specified simply as the username, without
the domain, if there is a single domain and forest in your setup for example.

To specify the domain name use either Down-Level Logon Name or UPN (User
Principal Name) formats. For example, EXAMPLE\user and user@example.com
respectively.

If you use a Windows SSPI-enabled curl binary and perform Kerberos V5,
Negotiate, NTLM or Digest authentication then you can tell curl to select the
username and password from your environment by specifying a single colon with
this option: "-u :".
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00			`---`
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205 2023-01-02 20:51:48 +08:00			`c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.`
docs/cmdline-opts: add copyright and license identifier to each file gen.pl now insists on C: and SPDX-License-Identifier: fields to be present in all files. Closes #9002 2022-06-14 06:12:03 +08:00			`SPDX-License-Identifier: curl`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00			`Long: user`
			`Short: u`
			`Arg: <user:password>`
			`Help: Server user and password`
docs: add categories to all cmdline opts Adapted gen.pl with 'listcats' This commit is a part of "--help me if you can" Closes #5680 2020-07-13 20:15:04 +08:00			`Category: important auth`
cmdline-opts: made the 'Added:' field mandatory Since "too old" versions are no longer included in the generated man page, this field is now mandatory so that it won't be forgotten and then not included in the documentation. Closes #7786 2021-09-28 17:50:07 +08:00			`Added: 4.0`
cmdline/docs: add a required 'multi' keyword for each option The keyword specifies how option works when specified multiple times: - single: the last provided value replaces the earlier ones - append: it supports being provided multiple times - boolean: on/off values - mutex: flag-like option that disable anoter flag The 'gen.pl' script then outputs the proper and unified language for each option's multi-use behavior in the generated man page. The multi: header is requires in each .d file and will cause build error if missing or set to an unknown value. Closes #9759 2022-10-18 16:39:43 +08:00			`Multi: single`
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00			`See-also:`
			`- netrc`
			`- config`
			`Example:`
			`- -u user:secret $URL`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00			`---`
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00
			# `--user`

docs: more language cleanups - present tense - avoid bad words Closes #13003 2024-02-27 17:35:28 +08:00			`Specify the username and password to use for server authentication. Overrides`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00			`--netrc and --netrc-optional.`

docs: more language cleanups - present tense - avoid bad words Closes #13003 2024-02-27 17:35:28 +08:00			`If you simply specify the username, curl prompts for a password.`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00
docs: more language cleanups - present tense - avoid bad words Closes #13003 2024-02-27 17:35:28 +08:00			`The username and passwords are split up on the first colon, which makes it`
			`impossible to use a colon in the username with this option. The password can,`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00			`still.`

cmdline-docs: use present tense, not future + some smaller cleanups Closes #11821 2023-09-08 20:32:29 +08:00			`On systems where it works, curl hides the given option argument from process`
			`listings. This is not enough to protect credentials from possibly getting seen`
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00			`by other users on the same system as they still are visible for a moment`
cmdline-docs: use present tense, not future + some smaller cleanups Closes #11821 2023-09-08 20:32:29 +08:00			`before cleared. Such sensitive data should be retrieved from a file instead or`
			`similar and never used in clear text in a command line.`
curl.1: --user and --proxy-user are hidden from ps output Suggested-by: Eric Curtin Improved-by: Dan Fandrich Ref: #3680 Closes #3683 2019-03-14 18:49:35 +08:00
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00			`When using Kerberos V5 with a Windows based server you should include the`
docs: more language cleanups - present tense - avoid bad words Closes #13003 2024-02-27 17:35:28 +08:00			`Windows domain name in the username, in order for the server to successfully`
docs: reduce/avoid English contractions You're => You are Hasn't => Has not Doesn't => Does not Don't => Do not You'll => You will etc Closes #7930 2021-10-31 23:34:44 +08:00			`obtain a Kerberos Ticket. If you do not, then the initial authentication`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00			`handshake may fail.`

docs: more language cleanups - present tense - avoid bad words Closes #13003 2024-02-27 17:35:28 +08:00			`When using NTLM, the username can be specified simply as the username, without`
			`the domain, if there is a single domain and forest in your setup for example.`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00
			`To specify the domain name use either Down-Level Logon Name or UPN (User`
docs/cmdline: change to .md for cmdline docs - switch all invidual files documenting command line options into .md, as the documentation is now markdown-looking. - made the parser treat 4-space indents as quotes - switch to building the curl.1 manpage using the "mainpage.idx" file, which lists the files to include to generate it, instead of using the previous page-footer/headers. Also, those files are now also .md ones, using the same format. I gave them underscore prefixes to make them sort separately: _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - updated test cases accordingly Closes #12751 2024-01-21 06:18:43 +08:00			`Principal Name) formats. For example, EXAMPLE\user and user@example.com`
cmdline-docs: more options converted and fixed Now all options are in the new system. 2016-11-28 08:01:13 +08:00			`respectively.`

			`If you use a Windows SSPI-enabled curl binary and perform Kerberos V5,`
docs: more language cleanups - present tense - avoid bad words Closes #13003 2024-02-27 17:35:28 +08:00			`Negotiate, NTLM or Digest authentication then you can tell curl to select the`
			`username and password from your environment by specifying a single colon with`
			`this option: "-u :".`