hey, this is what I go worked for my env
this is the krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
default_realm = DOMAIN.COM(your company domain)
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# kdc = kerberos.example.com
DOMAIN.COM = {
kdc = <the domain controller servers>
default_domain = DOMAIN.COM
admin_server = <ONE OF THE DOMAIN CONTROLLER SERVER>
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
Just replace domain name to your domain name.
win vars:
[win:vars]
[email protected]
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_shell_type=powershell
ansible_port=5985
ansible_winrm_transport=kerberos
#ansible_winrm_kinit_args="/opt/CA/uxauth/bin/uxconsole -krb -init"
asible_become_method=runas
#ansible_winrm_server_cert_validation=ignore
ansible_winrm_message_encryption=auto
validate_certs=false
Note: I got all the help from ansible documentation, you just need to tweak
a bit here and there.
On Friday, May 26, 2023 at 6:43:14 AM UTC-7 Rowe, Walter P. (Fed) wrote:
> The ansible documentation covers this well.
>
> Walter
> --
> Walter Rowe, Division Chief
> Infrastructure Services, OISM
> Mobile: 202.355.4123 <(202)%20355-4123>
>
> On May 26, 2023, at 9:38 AM, malek sakir <[email protected]> wrote:
>
> Anyone have proper documents for Kerberos-based Authentication for
> ansible then please help me .
>
>
> Thank You
> Malek Sakir.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/89ffbe82-da04-4a61-93a9-f69414ddaa5an%40googlegroups.com
>
> <https://groups.google.com/d/msgid/ansible-project/89ffbe82-da04-4a61-93a9-f69414ddaa5an%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f69964b4-31f5-44e4-add3-a5fee28c68a1n%40googlegroups.com.
