Good day,
We are having issues managing Windows hosts from Mac clients when the Ansible user is not the user logged into the Mac client. It appears the Kerberos ticket of the logged in user is always utilized. This is for both manual and managed ansible_winrm_kinit_mode. Setting KRB5CCNAME to point to the cache of the Ansible user works for klist, kinit, etc, but it does not appear to be honored when calling ansible.
As a workaround we can kdestroy the logged in user’s cache, but this negatively impacts other activities on the client. When only the Ansible user’s cache exists Ansible works as expected.
Is there anyway to direct ansible to a specific Kerberos cache?
Thank you for any assistance you can provide.