http://curl.se/docs/httpscripting.html
See part 6. HTTP Authentication
HTTP Authentication
HTTP Authentication is the ability to tell the server your username and
password so that it can verify that you’re allowed to do the request you’re
doing. The Basic authentication used in HTTP (which is the type curl uses by
default) is plain text based, which means it sends username and password
only slightly obfuscated, but still fully readable by anyone that sniffs on
the network between you and the remote server.
To tell curl to use a user and password for authentication:
curl --user name:password http://www.example.com
The site might require a different authentication method (check the headers
returned by the server), and then –ntlm, –digest, –negotiate or even
–anyauth might be options that suit you.
Sometimes your HTTP access is only available through the use of a HTTP
proxy. This seems to be especially common at various companies. A HTTP proxy
may require its own user and password to allow the client to get through to
the Internet. To specify those with curl, run something like:
curl --proxy-user proxyuser:proxypassword curl.haxx.se
If your proxy requires the authentication to be done using the NTLM method,
use –proxy-ntlm, if it requires Digest use –proxy-digest.
If you use any one these user+password options but leave out the password
part, curl will prompt for the password interactively.
Do note that when a program is run, its parameters might be possible to see
when listing the running processes of the system. Thus, other users may be
able to watch your passwords if you pass them as plain command line
options. There are ways to circumvent this.
It is worth noting that while this is how HTTP Authentication works, very
many web sites will not use this concept when they provide logins etc. See
the Web Login chapter further below for more details on that.