docs: Update SPNEGO and GSS-API related doc sections

    POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP.

    libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading,

    kerberos, HTTP form based upload, proxies, cookies, user+password

    Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password

    authentication, file transfer resume, http proxy tunneling and more!

    libcurl is highly portable, it builds and works identically on numerous

    platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HPUX,

    platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HP-UX,

    IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac

    OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF,

    Android, Minix, IBM TPF and more...

 - POST

 - Pipelining

 - multipart formpost (RFC1867-style)

 - authentication: Basic, Digest, NTLM (*9), Negotiate (*3) and to server and

   proxy

 - authentication: Basic, Digest, NTLM (*9) and Negotiate (SPNEGO) (*3)

   to server and proxy

 - resume (both GET and PUT)

 - follow redirects

 - maximum amount of redirects to follow

 - download

 - authentication

 - kerberos4 (*5)

 - kerberos5 (*3)

 - Kerberos 5 (*14)

 - active/passive using PORT, EPRT, PASV or EPSV

 - single file size information (compare to HTTP HEAD)

 - 'type=' URL support

  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native

       Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)

  *2 = requires OpenLDAP

  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar

  *3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or

       SSPI (native Windows)

  *4 = requires nghttp2 and possibly a recent TLS library

  *5 = requires a krb4 library, such as the MIT one or similar

  *6 = requires c-ares

  *12 = requires libz

  *13 = requires libmetalink, and either an Apple or Microsoft operating

        system, or OpenSSL, or GnuTLS, or NSS

  *14 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos)

  acknowledged after the actual TCP connect (during the SOCKS "negotiate"

  phase).

10. To get HTTP Negotiate authentication to work fine, you need to provide a

  (fake) user name (this concerns both curl and the lib) because the code

  wrongly only considers authentication if there's a user name provided.

10. To get HTTP Negotiate (SPNEGO) authentication to work fine, you need to

  provide a (fake) user name (this concerns both curl and the lib) because the

  code wrongly only considers authentication if there's a user name provided.

  http://curl.haxx.se/bug/view.cgi?id=440 How?

  http://curl.haxx.se/mail/lib-2004-08/0182.html

        curl -u name:passwd http://machine.domain/full/path/to/file

   HTTP offers many different methods of authentication and curl supports

   several: Basic, Digest, NTLM and Negotiate. Without telling which method to

   use, curl defaults to Basic. You can also ask curl to pick the most secure

   ones out of the ones that the server accepts for the given URL, by using

   --anyauth.

   several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which

   method to use, curl defaults to Basic. You can also ask curl to pick the

   most secure ones out of the ones that the server accepts for the given URL,

   by using --anyauth.

   NOTE! According to the URL specification, HTTP URLs can not contain a user

   and password, so that style will not work when using curl via a proxy, even

.\" *

.\" **************************************************************************

.\"

.TH curl 1 "27 July 2012" "Curl 7.27.0" "Curl Manual"

.TH curl 1 "2 Aug 2014" "Curl 7.38.0" "Curl Manual"

.SH NAME

curl \- transfer a URL

.SH SYNOPSIS

should be one of 'clear', 'safe', 'confidential', or 'private'. Should you use

a level that is not one of these, 'private' will instead be used.

This option requires a library built with kerberos4 or GSSAPI

(GSS-Negotiate) support. This is not very common. Use \fI-V, --version\fP to

see if your curl supports it.

This option requires a library built with kerberos4 support. This is not

very common. Use \fI-V, --version\fP to see if your curl supports it.

If this option is used several times, the last one will be used.

.IP "-l, --list-only"

\fBoptional\fP and not mandatory as the \fI--netrc\fP option does.

.IP "--negotiate"

(HTTP) Enables GSS-Negotiate authentication. The GSS-Negotiate method was

designed by Microsoft and is used in their web applications. It is primarily

meant as a support for Kerberos5 authentication but may be also used along

with another authentication method. For more information see IETF draft

draft-brezak-spnego-http-04.txt.

(HTTP) Enables Negotiate (SPNEGO) authentication.

If you want to enable Negotiate for your proxy authentication, then use

If you want to enable Negotiate (SPNEGO) for proxy authentication, then use

\fI--proxy-negotiate\fP.

This option requires a library built with GSSAPI support. This is

not very common. Use \fI-V, --version\fP to see if your version supports

GSS-Negotiate.

This option requires a library built with GSS-API or SSPI support. Use \fI-V,

--version\fP to see if your curl supports GSS-API/SSPI and SPNEGO.

When using this option, you must also provide a fake \fI-u, --user\fP option to

activate the authentication code properly. Sending a '-u :' is enough as the

Tells curl to use HTTP Digest authentication when communicating with the given

proxy. Use \fI--digest\fP for enabling HTTP Digest with a remote host.

.IP "--proxy-negotiate"

Tells curl to use HTTP Negotiate authentication when communicating

with the given proxy. Use \fI--negotiate\fP for enabling HTTP Negotiate

Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating

with the given proxy. Use \fI--negotiate\fP for enabling HTTP Negotiate (SPNEGO)

with a remote host. (Added in 7.17.1)

.IP "--proxy-ntlm"

Tells curl to use HTTP NTLM authentication when communicating with the given

sockd/real-name would use sockd/real-name for cases where the proxy-name does

not match the principal name.  (Added in 7.19.4).

.IP "--socks5-gssapi-nec"

As part of the gssapi negotiation a protection mode is negotiated. RFC 1961

As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961

says in section 4.3/4.4 it should be protected, but the NEC reference

implementation does not.  The option \fI--socks5-gssapi-nec\fP allows the

unprotected exchange of the protection mode negotiation. (Added in 7.19.4).

Automatic decompression of compressed files over HTTP is supported.

.IP "NTLM"

NTLM authentication is supported.

.IP "GSS-Negotiate"

Negotiate authentication and krb5 for FTP is supported.

.IP "Debug"

This curl uses a libcurl built with Debug. This enables more error-tracking

and memory debugging etc. For curl-developers only!

.IP "AsynchDNS"

This curl uses asynchronous name resolves.

.IP "SPNEGO"

SPNEGO Negotiate authentication is supported.

SPNEGO authentication is supported.

.IP "Largefile"

This curl supports transfers of large files, files larger than 2GB.

.IP "IDN"

This curl supports IDN - international domain names.

.IP "GSS-API"

GSS-API is supported.

.IP "SSPI"

SSPI is supported. If you use Negotiate or NTLM authentication and set a blank

user name, curl will authenticate with your current user and password.

SSPI is supported.

.IP "TLS-SRP"

SRP (Secure Remote Password) authentication is supported for TLS.

.IP "Metalink"