I agree, that’s a good point. You might very well want to use basic auth or NTLM to authenticate a domain user.
So the ‘ansible_authorization_type’ parameter suggested by jhawkesworth would probably be a better way to select the auth mechanism.
Nico
Hey Nico,
I replied to Trod’s post, but basic auth doesnt work for domain users. If you step back, the form of the credentials dictates what mechanisms you can use. A UPN is the only case where you have a choice, but pywinrm does not support NTLM, so your stuck with keberos. However, I suspect that even if NTLM was available you would not need to choose - just send an SPNEGO token and add the NTLM mech oid and let the server decide on NTLM or Kerberos.
“but basic auth doesnt work for domain users” - I’ve never tested this but it should surely work? Do you have any documentation stating that it doesn’t?
Ian, I saw your reply in the other thread. Wow, this is news to me - thanks for digging up the info!