diff options
author | Chris Church <chris@ninemoreminutes.com> | 2015-04-09 13:36:58 -0400 |
---|---|---|
committer | Chris Church <chris@ninemoreminutes.com> | 2015-04-09 13:37:11 -0400 |
commit | 5675982b0f64cbc3bf01eff63951d1302132c6d2 (patch) | |
tree | 2b4a08980e92734d7775aefa6388921187c1b0f1 /lib/ansible/runner | |
parent | 7f034a74d1c71907b407f00c9150850b35dba0d2 (diff) | |
download | ansible-5675982b0f64cbc3bf01eff63951d1302132c6d2.tar.gz |
Only try kerberos auth when username contains `@` and pass realm to pywinrm. Alternative to #10644, fixes #10577.
Diffstat (limited to 'lib/ansible/runner')
-rw-r--r-- | lib/ansible/runner/connection_plugins/winrm.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/ansible/runner/connection_plugins/winrm.py b/lib/ansible/runner/connection_plugins/winrm.py index 7a2d6d3318..eb02d74307 100644 --- a/lib/ansible/runner/connection_plugins/winrm.py +++ b/lib/ansible/runner/connection_plugins/winrm.py @@ -90,13 +90,18 @@ class Connection(object): return _winrm_cache[cache_key] exc = None for transport, scheme in self.transport_schemes['http' if port == 5985 else 'https']: - if transport == 'kerberos' and not HAVE_KERBEROS: + if transport == 'kerberos' and (not HAVE_KERBEROS or not '@' in self.user): continue + if transport == 'kerberos': + realm = self.user.split('@', 1)[1].strip() or None + else: + realm = None endpoint = urlparse.urlunsplit((scheme, netloc, '/wsman', '', '')) vvvv('WINRM CONNECT: transport=%s endpoint=%s' % (transport, endpoint), host=self.host) protocol = Protocol(endpoint, transport=transport, - username=self.user, password=self.password) + username=self.user, password=self.password, + realm=realm) try: protocol.send_message('') _winrm_cache[cache_key] = protocol |