Unable to negotiate to a different domain using curl

Question

I want to use curl to access a web server on domain B.COM from the domain A.COM with the credentials of a user of B.COM. All of that using Kerberos authentication. So I use the following command:

curl.exe --negotiate -u username_domain_b:password myserver.b.com

There is a trust between both domain but the problem is that the AS-REQ/TGS-REQ request are sent to the domain controller of domain A.COM instead of domain B.COM. Therefore the SPNEGO authentication fails, fallback to NTLM (which isn't enabled in my web server) and thus I get an unauthorized response.

Is there a way to let curl negotiate with the DC of domain B.COM and thus complete the Kerberos authentication properly ?

Answer 1

Open a command prompt with

runas /user:your_user cmd.exe

With this command prompt you can use curl with the impersonated identity

curl.exe --negotiate -u anything:any myserver.b.com

If there is a better solution, I would like to know !