-
Notifications
You must be signed in to change notification settings - Fork 261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kerberos & Channel Binding Token (CBT). #161
Comments
Have the same trouble. |
Did not find the right answer! I have the same problem |
I haven't fully tested this but it will probably require a change in pykerberos and requests-kerberos library to handle this as it isn't a WinRM but rather an auth mechanism which isn't under the scope of Pywinrm. I had to go through this process for NTLM as the original libraries didn't support this and it required a change for it to do so. Feel free to raise some PRs to get this through as it would be a worthwhile addition to have, I know my organisation has CBT set to strict and we just went the NTLMv2 route. |
I just created 2 PRs that are designed to add in support for CBT and Kerberos where requests-kerberos is dependent on the pykerberos change. I'm fairly new to C so the pykerberos changes will probably go through a few iterations before a hopeful merge. In the end you can install these separately and try them out but I would expect them to change at some point. The last time I did this for NTLM CBT it took 3 months to get it all through but I am hoping it will be quicker this time round. @nitzmahone if you have any connections or even tips on speeding up these PRs it would be greatly appreciated. |
pywinrm v0.3.0 and the required downstream libraries has just been released which adds supports for CBT with kerberos https://github.com/diyan/pywinrm/releases/tag/v0.3.0. |
Hi,
after enable Channel Binding Token with domain policy (CbtHardeningLevel = Strict)
I get error
ansible (2.2.1.0), pywinrm (0.2.1), pykerberos (1.1.13), requests-kerberos (0.10.0) are installed in to ansible linux host.
Ansible connections parameters:
Unfortunately we can't use NTLM instead of Kerberos because of internal security requirements.
How can I resolve this problem, using Kerberos authorisation only ?
The text was updated successfully, but these errors were encountered: