diff --git a/README.md b/README.md index b623512..9a26953 100644 --- a/README.md +++ b/README.md @@ -8,29 +8,7 @@ Download from the releases page and copy the py-winrm-plugin-X.X.X.zip to the li ## Requierments -The plugin needs the python module pywinrm. It can be installed with the following command: ```pip install pywinrm``` - -Additional, it could be added the support for kerberos and credSSP autentication: - -### To use Kerberos authentication you need these optional dependencies -#### for Debian/Ubuntu/etc: - -``` -$ sudo apt-get install python-dev libkrb5-dev -$ pip install pywinrm[kerberos] -``` - -#### for RHEL/CentOS/etc: -``` -$ sudo yum install gcc krb5-devel krb5-workstation -$ pip install pywinrm[kerberos] -``` - -### To use CredSSP authentication you need these optional dependencies -``` -pip install pywinrm[credssp] -``` - +The plugin needs the python module **pywinrm**. It can be installed with the following command: ```pip install pywinrm``` For further information see: [https://pypi.python.org/pypi/pywinrm @@ -39,7 +17,7 @@ For further information see: ## Configuration -* **Authentication Type**: The authentication type used for the connection: basic, ntlm, credssp. It can be overwriting at node level using `winrm-authtype` +* **Authentication Type**: The authentication type used for the connection: basic, ntlm, credssp, kerberos. It can be overwriting at node level using `winrm-authtype` * **Username**: (Optional) Username that will connect to the remote node. This value can be set also at node level or as a job input option (with the name `username) * **Password Storage Path**: Key storage path of the window's user password. It can be overwriting at node level using `winrm-password-storage-path`. Also the password can be overwritten on the job level using an input secure option called `winrmpassword` @@ -48,6 +26,10 @@ For further information see: * **WinRM Port**: WinRM port (Default: 5985/5986 for http/https). It can be overwriting at node level using `winrm-port` * **Shell**: Windows Shell interpreter (powershell o cmd). It can be overwriting at node level using `winrm-shell` +For Kerberos +* **krb5 Config File**: path of the krb5.conf (default: /etc/krb5.conf) +* **Kinit Command**: `kinit` command used for create ticket (default: kinit) + ## Node definition example @@ -63,11 +45,68 @@ For further information see: osVersion="6.3" username="rundeckuser@domain.local" winrm-password-storage-path="keys/node/windows.password" - winrm-authtype="credssp"/> + winrm-authtype="basic"/> ``` The username can be overwritten using a job input option called "username"` or it can be set at project level. +## Transport methods +The transport methods supported are: + +* basic +* kerberos +* ntlm +* credssp + +Further information [here](https://github.com/diyan/pywinrm#valid-transport-options) + + +### CredSSP + +To use CredSSP authentication you need these optional dependencies +``` +pip install pywinrm[credssp] +``` + +## Kerberos + +The pywinrm library has support for kerberos authentication, but it cannot create the kerberos ticket, which needs to be initiate outside the pywinrm scope: + +``` +kerberos: Will use Kerberos authentication for domain accounts which only works when the client is in the same domain as the server and the required dependencies are installed. Currently a Kerberos ticket needs to be initialized outside of pywinrm using the kinit command. + +``` +Source [here](https://github.com/diyan/pywinrm#valid-transport-options) + + +So, in order to connect to a windows box using kerberos we added a call to the `kinit username` command before connecting to the node. + +In resume, to use Kerberos authentication the following requirements are needed: + +* domain accounts which only works when the client is in the same domain as the server +* kerberos client installed +* domain set on krb5.conf file (default /etc/krb5.conf) +* python `pexpect` library +* python `kerberos` library +* Kerberos authentication enabled on remote windows node (WINRM settings) + +### Install Basic dependencies +#### for Debian/Ubuntu/etc: + +``` +$ sudo apt-get install python-dev libkrb5-dev +$ pip install pywinrm[kerberos] +$ pip install pexpect +``` + +#### for RHEL/CentOS/etc: +``` +$ sudo yum install gcc krb5-devel krb5-workstation +$ pip install pywinrm[kerberos] +$ pip install pexpect +``` + + ## Limitations Don't use the file copier to transfer big files, the performance is not the best to transfer large files. It works OK passing inline scripts to remote windows nodes diff --git a/contents/kerberosauth.py b/contents/kerberosauth.py new file mode 100644 index 0000000..3e94178 --- /dev/null +++ b/contents/kerberosauth.py @@ -0,0 +1,106 @@ +import os +import json + +try: + import pexpect +except ImportError as e: + pass + + +class KerberosAuth(object): + def __init__(self, krb5config, kinit_command, log, username, password): + self.krb5config = krb5config + self.kinit_command = kinit_command + self.log = log + self.username = username + self.password = password + + + + def get_ticket(self): + kinit = [self.kinit_command] + + kinit_arg = [] + kinit_arg.append("-f") + kinit_arg.append("-V") + kinit_arg.append(self.username) + + self.log.debug("running kinit %s" %kinit) + + krb5env=() + if(self.krb5config): + os.environ["KRB5_CONFIG"]=self.krb5config + krb5env = dict(KRB5_CONFIG=self.krb5config) + + try: + process = pexpect.spawn(kinit.pop(0), kinit_arg, timeout=60, env=krb5env) + except pexpect.ExceptionPexpect as err: + msg = "Error creating kerberos ticket %s" % err + self.log.error(msg) + raise Exception(msg) + + process.expect(".*:") + process.sendline(self.password) + + output = process.read() + process.wait() + self.log.debug("Exist status: %s" %process.exitstatus) + self.log.debug("kinit finish with message %s" %output) + + exitCode = process.exitstatus + + if exitCode != 0: + msg = "kinit failed %s" % output + self.log.error(msg) + raise Exception(msg) + + self.log.debug("kinit succeeded for %s" % self.username) + + + #just for macos (skipped by the moment) + def check_ticket(self): + try: + + klist_command = ["klist"] + kinit_arg = [] + kinit_arg.append("--list-all") + kinit_arg.append("--json") + self.log.debug("running klist %s %s" % (klist_command,kinit_arg)) + + krb5env = () + if (self.krb5config): + os.environ["KRB5_CONFIG"] = self.krb5config + krb5env = dict(KRB5_CONFIG=self.krb5config) + + try: + process = pexpect.spawn(klist_command.pop(0), kinit_arg, timeout=60, + env=krb5env, echo=False) + except pexpect.ExceptionPexpect as err: + msg = "Error checking klist %s" % err + self.log.error(msg) + return False + + process.expect(".*") + output = process.read() + process.wait() + if process.exitstatus!=0: + return False + + self.log.debug("klist result %s" % output) + results = json.loads(output) + + for item in results: + ticket_name=item["Name"] + expired=item["Expired"] + + if ticket_name.upper() == self.username.upper(): + self.log.debug("Ticket found for user %s, expired: %s"%(ticket_name, expired)) + if expired == "no": + self.log.debug("Ticket not expired, skipping kinit") + + return True + + return False + except Exception as e: + self.log.debug("error running klist command : %s" %e) + return False diff --git a/contents/winrm-check.py b/contents/winrm-check.py index 70c0df3..ecabc18 100644 --- a/contents/winrm-check.py +++ b/contents/winrm-check.py @@ -1,4 +1,3 @@ -import winrm try: import os; os.environ['PATH'] except: @@ -6,11 +5,79 @@ os.environ.setdefault('PATH', '') import sys import argparse -import requests.packages.urllib3 -requests.packages.urllib3.disable_warnings() import logging import colored_formatter from colored_formatter import ColoredFormatter +import kerberosauth + + +#checking and importing dependencies +ISPY3 = sys.version_info[0] == 3 +WINRM_INSTALLED = False +URLLIB_INSTALLED = False +KRB_INSTALLED = False +HAS_NTLM = False +HAS_CREDSSP = False +HAS_PEXPECT = False + +if ISPY3: + from inspect import getfullargspec as getargspec +else: + from inspect import getargspec + +try: + import requests.packages.urllib3 + requests.packages.urllib3.disable_warnings() + URLLIB_INSTALLED = True +except ImportError as e: + URLLIB_INSTALLED = False + +try: + import winrm + + WINRM_INSTALLED = True +except ImportError as e: + WINRM_INSTALLED = False + +try: + from requests_kerberos import HTTPKerberosAuth, REQUIRED, OPTIONAL, DISABLED + + KRB_INSTALLED = True +except ImportError: + KRB_INSTALLED = False + +try: + from requests_ntlm import HttpNtlmAuth + + HAS_NTLM = True +except ImportError as ie: + HAS_NTLM = False + +try: + from requests_credssp import HttpCredSSPAuth + + HAS_CREDSSP = True +except ImportError as ie: + HAS_CREDSSP = False + +try: + import pexpect + + if hasattr(pexpect, 'spawn'): + argspec = getargspec(pexpect.spawn.__init__) + if 'echo' in argspec.args: + HAS_PEXPECT = True +except ImportError as e: + HAS_PEXPECT = False + +log_level = 'INFO' +if os.environ.get('RD_JOB_LOGLEVEL') == 'DEBUG': + log_level = 'DEBUG' +else: + log_level = 'ERROR' + +##end + log_level = 'INFO' if os.environ.get('RD_JOB_LOGLEVEL') == 'DEBUG': @@ -37,6 +104,8 @@ parser.add_argument('--diabletls12', help='diabletls12',default="False") parser.add_argument('--debug', help='debug',default="False") parser.add_argument('--certpath', help='certpath') +parser.add_argument('--krb5config', help='krb5config',default="/etc/krb5.conf") + args = parser.parse_args() @@ -44,6 +113,10 @@ username = None password = None certpath = None +forceTicket = False + +krb5config = None +kinit = "kinit" if args.hostname: hostname = args.hostname @@ -63,6 +136,9 @@ if args.port: port = args.port +if args.krb5config: + krb5config = args.krb5config + if args.nossl: if args.nossl == "true": nossl = True @@ -100,6 +176,13 @@ if os.getenv("RD_JOB_LOGLEVEL") == "DEBUG": debug = True +if "RD_CONFIG_KRB5CONFIG" in os.environ: + krb5config = os.getenv("RD_CONFIG_KRB5CONFIG") + +if "RD_CONFIG_KINIT" in os.environ: + kinit = os.getenv("RD_CONFIG_KINIT") + + endpoint=transport+'://'+hostname+':'+port log.debug("------------------------------------------") @@ -109,11 +192,39 @@ log.debug("nossl:" + str(nossl)) log.debug("transport:" + str(transport)) log.debug("diabletls12:" + str(diabletls12)) +log.debug("krb5config:" + krb5config) +log.debug("kinit command:" + kinit) + + if(certpath): log.debug("certpath:" + certpath) log.debug("------------------------------------------") +if not URLLIB_INSTALLED: + log.error("request and urllib3 not installed, try: pip install requests && pip install urllib3") + sys.exit(1) + +if not WINRM_INSTALLED: + log.error("winrm not installed, try: pip install pywinrm") + sys.exit(1) + +if authentication == "kerberos" and not KRB_INSTALLED: + log.error("Kerberos not installed, try: pip install pywinrm[kerberos]") + sys.exit(1) + +if authentication == "kerberos" and not HAS_PEXPECT: + log.error("pexpect not installed, try: pip install pexpect") + sys.exit(1) + +if authentication == "credssp" and not HAS_CREDSSP: + log.error("CredSSP not installed, try: pip install pywinrm[credssp]") + sys.exit(1) + +if authentication == "ntlm" and not HAS_NTLM: + log.error("NTLM not installed, try: pip install requests_ntlm") + sys.exit(1) + arguments={} arguments["transport"] = authentication @@ -126,12 +237,17 @@ arguments["credssp_disable_tlsv1_2"] = diabletls12 +if authentication == "kerberos": + k5bConfig = kerberosauth.KerberosAuth(krb5config=krb5config, log=log, kinit_command=kinit,username=username, password=password) + k5bConfig.get_ticket() + session = winrm.Session(target=endpoint, auth=(username, password), **arguments) exec_command = "ipconfig" result = session.run_cmd(exec_command) +print(result.std_out) if(result.std_err): print("Connection with host %s fail" % hostname) diff --git a/contents/winrm-exec.py b/contents/winrm-exec.py index 29177e6..38602f1 100644 --- a/contents/winrm-exec.py +++ b/contents/winrm-exec.py @@ -5,14 +5,71 @@ import os os.environ.setdefault('PATH', '') import sys -import requests.packages.urllib3 import winrm_session import threading -import winrm import logging import colored_formatter +import kerberosauth from colored_formatter import ColoredFormatter -requests.packages.urllib3.disable_warnings() + +#checking and importing dependencies +ISPY3 = sys.version_info[0] == 3 +WINRM_INSTALLED = False +URLLIB_INSTALLED = False +KRB_INSTALLED = False +HAS_NTLM = False +HAS_CREDSSP = False +HAS_PEXPECT = False + +if ISPY3: + from inspect import getfullargspec as getargspec +else: + from inspect import getargspec + +try: + import requests.packages.urllib3 + requests.packages.urllib3.disable_warnings() + URLLIB_INSTALLED = True +except ImportError as e: + URLLIB_INSTALLED = False + +try: + import winrm + + WINRM_INSTALLED = True +except ImportError as e: + WINRM_INSTALLED = False + +try: + from requests_kerberos import HTTPKerberosAuth, REQUIRED, OPTIONAL, DISABLED + + KRB_INSTALLED = True +except ImportError: + KRB_INSTALLED = False + +try: + from requests_ntlm import HttpNtlmAuth + + HAS_NTLM = True +except ImportError as ie: + HAS_NTLM = False + +try: + from requests_credssp import HttpCredSSPAuth + + HAS_CREDSSP = True +except ImportError as ie: + HAS_CREDSSP = False + +try: + import pexpect + + if hasattr(pexpect, 'spawn'): + argspec = getargspec(pexpect.spawn.__init__) + if 'echo' in argspec.args: + HAS_PEXPECT = True +except ImportError as e: + HAS_PEXPECT = False log_level = 'INFO' if os.environ.get('RD_JOB_LOGLEVEL') == 'DEBUG': @@ -20,6 +77,8 @@ else: log_level = 'ERROR' +##end + console = logging.StreamHandler() console.setFormatter(ColoredFormatter(colored_formatter.format())) console.stream=sys.stdout @@ -40,6 +99,9 @@ debug=False shell = "cmd" certpath = None +krb5config = None +kinit = None +forceTicket = False if "RD_CONFIG_AUTHTYPE" in os.environ: authentication = os.getenv("RD_CONFIG_AUTHTYPE") @@ -99,15 +161,48 @@ log.debug('Using password from node') password = os.getenv("RD_CONFIG_PASSWORD_STORAGE_PATH") +if "RD_CONFIG_KRB5CONFIG" in os.environ: + krb5config = os.getenv("RD_CONFIG_KRB5CONFIG") + +if "RD_CONFIG_KINIT" in os.environ: + kinit = os.getenv("RD_CONFIG_KINIT") + log.debug("------------------------------------------") log.debug("endpoint:" + endpoint) log.debug("authentication:" + authentication) log.debug("username:" + username) log.debug("nossl:" + str(nossl)) log.debug("diabletls12:" + str(diabletls12)) +log.debug("krb5config:" + krb5config) +log.debug("kinit command:" + kinit) log.debug("shell:" + shell) + log.debug("------------------------------------------") +if not URLLIB_INSTALLED: + log.error("request and urllib3 not installed, try: pip install requests && pip install urllib3") + sys.exit(1) + +if not WINRM_INSTALLED: + log.error("winrm not installed, try: pip install pywinrm") + sys.exit(1) + +if authentication == "kerberos" and not KRB_INSTALLED: + log.error("Kerberos not installed, try: pip install pywinrm[kerberos]") + sys.exit(1) + +if authentication == "kerberos" and not HAS_PEXPECT: + log.error("pexpect not installed, try: pip install pexpect") + sys.exit(1) + +if authentication == "credssp" and not HAS_CREDSSP: + log.error("CredSSP not installed, try: pip install pywinrm[credssp]") + sys.exit(1) + +if authentication == "ntlm" and not HAS_NTLM: + log.error("NTLM not installed, try: pip install requests_ntlm") + sys.exit(1) + arguments = {} arguments["transport"] = authentication @@ -120,6 +215,10 @@ arguments["credssp_disable_tlsv1_2"] = diabletls12 +if authentication == "kerberos": + k5bConfig = kerberosauth.KerberosAuth(krb5config=krb5config, log=log, kinit_command=kinit,username=username, password=password) + k5bConfig.get_ticket() + session = winrm.Session(target=endpoint, auth=(username, password), **arguments) diff --git a/contents/winrm-filecopier.py b/contents/winrm-filecopier.py index 9a0874d..3f85e96 100644 --- a/contents/winrm-filecopier.py +++ b/contents/winrm-filecopier.py @@ -9,12 +9,80 @@ import base64 import time import common -import requests.packages.urllib3 import logging import ntpath import xml.etree.ElementTree as ET import colored_formatter from colored_formatter import ColoredFormatter +import kerberosauth + +#checking and importing dependencies +ISPY3 = sys.version_info[0] == 3 +WINRM_INSTALLED = False +URLLIB_INSTALLED = False +KRB_INSTALLED = False +HAS_NTLM = False +HAS_CREDSSP = False +HAS_PEXPECT = False + +if ISPY3: + from inspect import getfullargspec as getargspec +else: + from inspect import getargspec + +try: + import requests.packages.urllib3 + requests.packages.urllib3.disable_warnings() + URLLIB_INSTALLED = True +except ImportError as e: + URLLIB_INSTALLED = False + +try: + import winrm + + WINRM_INSTALLED = True +except ImportError as e: + WINRM_INSTALLED = False + +try: + from requests_kerberos import HTTPKerberosAuth, REQUIRED, OPTIONAL, DISABLED + + KRB_INSTALLED = True +except ImportError: + KRB_INSTALLED = False + +try: + from requests_ntlm import HttpNtlmAuth + + HAS_NTLM = True +except ImportError as ie: + HAS_NTLM = False + +try: + from requests_credssp import HttpCredSSPAuth + + HAS_CREDSSP = True +except ImportError as ie: + HAS_CREDSSP = False + +try: + import pexpect + + if hasattr(pexpect, 'spawn'): + argspec = getargspec(pexpect.spawn.__init__) + if 'echo' in argspec.args: + HAS_PEXPECT = True +except ImportError as e: + HAS_PEXPECT = False + +log_level = 'INFO' +if os.environ.get('RD_JOB_LOGLEVEL') == 'DEBUG': + log_level = 'DEBUG' +else: + log_level = 'ERROR' + +##end + log_level = 'INFO' if os.environ.get('RD_JOB_LOGLEVEL') == 'DEBUG': @@ -173,6 +241,9 @@ def winrm_upload(self, nossl = False debug = False diabletls12 = False +kinit = None +krb5config = None +forceTicket = False if "RD_CONFIG_AUTHTYPE" in os.environ: authentication = os.getenv("RD_CONFIG_AUTHTYPE") @@ -221,6 +292,12 @@ def winrm_upload(self, if "RD_CONFIG_DEBUG" in os.environ: quiet = False +if "RD_CONFIG_KRB5CONFIG" in os.environ: + krb5config = os.getenv("RD_CONFIG_KRB5CONFIG") + +if "RD_CONFIG_KINIT" in os.environ: + kinit = os.getenv("RD_CONFIG_KINIT") + endpoint = transport+'://'+args.hostname+':'+port arguments = {} @@ -235,6 +312,36 @@ def winrm_upload(self, arguments["credssp_disable_tlsv1_2"] = diabletls12 + +if not URLLIB_INSTALLED: + log.error("request and urllib3 not installed, try: pip install requests && pip install urllib3") + sys.exit(1) + +if not WINRM_INSTALLED: + log.error("winrm not installed, try: pip install pywinrm") + sys.exit(1) + +if authentication == "kerberos" and not KRB_INSTALLED: + log.error("Kerberos not installed, try: pip install pywinrm[kerberos]") + sys.exit(1) + +if authentication == "kerberos" and not HAS_PEXPECT: + log.error("pexpect not installed, try: pip install pexpect") + sys.exit(1) + +if authentication == "credssp" and not HAS_CREDSSP: + log.error("CredSSP not installed, try: pip install pywinrm[credssp]") + sys.exit(1) + +if authentication == "ntlm" and not HAS_NTLM: + log.error("NTLM not installed, try: pip install requests_ntlm") + sys.exit(1) + +if authentication == "kerberos": + k5bConfig = kerberosauth.KerberosAuth(krb5config=krb5config, log=log, kinit_command=kinit,username=username, password=password) + k5bConfig.get_ticket() + + session = winrm.Session(target=endpoint, auth=(username, password), **arguments) diff --git a/contents/winrm_session.py b/contents/winrm_session.py index 29a42f6..0af3a7e 100644 --- a/contents/winrm_session.py +++ b/contents/winrm_session.py @@ -9,8 +9,12 @@ except ImportError as e: from io import BytesIO -import protocol -import winrm +try: + import protocol + import winrm +except ImportError: + pass + import base64 import sys import types diff --git a/docker/rundeck/Dockerfile b/docker/rundeck/Dockerfile index 36a29ec..35240d3 100644 --- a/docker/rundeck/Dockerfile +++ b/docker/rundeck/Dockerfile @@ -32,18 +32,19 @@ RUN apt-get install libssl-dev openssl gcc make -y && \ make && \ make install - ENV PATH="/opt/Python-${PYTHON_VERSION}:$PATH" RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py RUN python get-pip.py +RUN apt-get install -y gcc python-dev libkrb5-dev krb5-user ## Install python winrm RUN python -m pip install --upgrade pip && \ python -m pip install setuptools --force --upgrade && \ python -m pip install requests urllib3 pywinrm && \ - python -m pip install pywinrm[credssp] - + python -m pip install pywinrm[credssp] && \ + python -m pip install pywinrm[kerberos] && \ + python -m pip install pexpect #set rundeck password RUN echo 'rundeck:rundeck' | chpasswd @@ -55,8 +56,10 @@ ENV RDECK_BASE=/home/rundeck \ ENV PATH="/opt/Python-${PYTHON_VERSION}:$PATH" RUN mkdir data demo-projects -COPY --chown=rundeck:rundeck remco /etc/remco -COPY --chown=rundeck:rundeck ./plugins ./libext + +COPY --chown=root:root ./config/krb5.conf /etc/krb5.conf +COPY --chown=rundeck:root remco /etc/remco +COPY --chown=rundeck:root ./plugins ./libext VOLUME ["/home/rundeck/server/data"] diff --git a/docker/rundeck/config/krb5.conf b/docker/rundeck/config/krb5.conf new file mode 100644 index 0000000..0ec76b8 --- /dev/null +++ b/docker/rundeck/config/krb5.conf @@ -0,0 +1,18 @@ +[libdefaults] +default_realm = windowsvirtual.local +clockskew = 300 +ticket_lifetime = 5m +forwardable = true +proxiable = true +dns_lookup_realm = true +dns_lookup_kdc = true + +[realms] +WINDOWSVIRTUAL.LOCAL = { + kdc = someip +} + +[domain_realm] +.windowsvirtual.local = WINDOWSVIRTUAL.LOCAL +windowsvirtual.loca = WINDOWSVIRTUAL.LOCAL + diff --git a/plugin.yaml b/plugin.yaml index d6f39a6..ae4d4f6 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -26,7 +26,7 @@ providers: title: Authentication Type description: "Authentication Type" type: Select - values: "basic,credssp,ntlm" + values: "basic,credssp,ntlm,kerberos" default: "basic" required: true scope: Instance @@ -115,6 +115,22 @@ providers: valueConversion: "STORAGE_PATH_AUTOMATIC_READ" storage-path-root: "keys" instance-scope-node-attribute: "winrm-password-storage-path" + - name: krb5config + title: krb5 Config File + description: "Path of krb5.conf file" + type: String + default: '/etc/krb5.conf' + required: false + renderingOptions: + groupName: Kerberos + - name: kinit + title: Kinit Command + description: "Kinit Command" + type: String + default: 'kinit' + required: false + renderingOptions: + groupName: Kerberos - name: WinRMcpPython title: WinRM Python File Copier description: Copying files to remote Windows computer @@ -128,7 +144,7 @@ providers: title: Authentication Type description: "Authentication Type" type: Select - values: "basic,credssp,ntlm" + values: "basic,credssp,ntlm,kerberos" default: "basic" required: true scope: Instance @@ -210,6 +226,22 @@ providers: name: debug title: Debug? description: 'Write debug messages' + - name: krb5config + title: krb5 Config File + description: "Path of krb5.conf file" + type: String + default: '/etc/krb5.conf' + required: false + renderingOptions: + groupName: Kerberos + - name: kinit + title: Kinit Command + description: "Kinit Command" + type: String + default: 'kinit' + required: false + renderingOptions: + groupName: Kerberos - name: WinRMCheck title: WinRM Check Step description: Check the connection with a remote node using winrm-python @@ -228,7 +260,7 @@ providers: title: Authentication Type description: "Authentication Type" type: Select - values: "basic,credssp,ntlm,kerberos,ssl" + values: "basic,credssp,ntlm,kerberos" default: "basic" required: true - name: winrmtransport @@ -281,3 +313,20 @@ providers: name: debug title: Debug? description: 'Write debug messages' + - name: krb5config + title: krb5 Config File + description: "Path of krb5.conf file" + type: String + default: '/etc/krb5.conf' + required: false + renderingOptions: + groupName: Kerberos + - name: kinit + title: Kinit Command + description: "Kinit Command" + type: String + default: 'kinit' + required: false + renderingOptions: + groupName: Kerberos +