Hi All, I think its great ansible is leveraging powershell and avoids unnecessary agents, but using basic authentication which forces local admin accounts on Windows wont cut it. Local Admin accounts are generally viewed as a security risk and a nightmare to manage. We've got 50K+ hosts deployed. As we know, Microsoft's WS-Man implementation, WinRM only supports domain credentials when using Negotiate, CredSSP and Kerberos. CredSSP enables 'double hop', but it will probably be the most work - pywinrm (already used by ansible) has working support for Kerberos (we've tested it)
Is anyone looking into plugging kerberos support into ansible for authenticating to Windows hosts? Ian -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/df22cd58-359c-4342-8e21-fc278a65b954%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
