Correct configuration of authentication is paramount to communicating properly with the target hosts. Several authentication methods are available when authenticating with a local or domain-based account:
- Basic
- Certificate
- Kerberos
- NTLM
- CredSSP
User authentication via Active Directory (AD), also referred to as authentication through Kerberos, is my chosen option.
Why employ Kerberos?
Domain-based authentication uses Kerberos authentication, which Windows Active Directory Services support. Furthermore, Kerberos authentication in Windows Server environments uses the central user authentication that Active Directory supplies to configure and manage your Windows Server resources. This also permits a greater level of trust for the WinRM connections to the remote servers, which is built in when using Active Directory credentials.
Note: Kerberos is the recommended authentication option to use when running in a domain environment. Kerberos supports features like credential delegation and message encryption over HTTP and is one of the more secure options that are available through WinRM.
Domain Authentication: Employs Kerberos authentication, which is supported by Microsoft Active Directory Services. This allows more reliable WinRM communication between the Ansible server and the remote machines.
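The Kerberos option described above, written as an Ansible inventory next to a basic-auth group for contrast. This is an added example, not configuration from the original post; the group names, host names, the EXAMPLE.COM realm and the account names are constructed placeholders.

```yaml
# inventory.yml (constructed example; hosts, realm and accounts are placeholders)
all:
  children:
    # Weak: basic auth with a local account over plain HTTP.
    # Basic does not support AD accounts or message encryption over HTTP,
    # so this only connects if the listener permits unencrypted traffic.
    windows_basic:
      hosts:
        win-legacy01.example.com:
      vars:
        ansible_connection: winrm
        ansible_winrm_transport: basic
        ansible_winrm_scheme: http
        ansible_port: 5985
        ansible_user: localadmin
        # ansible_password: load from Ansible Vault, not inline

    # Preferred in a domain: Kerberos with an AD account over HTTPS.
    windows_kerberos:
      hosts:
        win-app01.example.com:
      vars:
        ansible_connection: winrm
        ansible_winrm_transport: kerberos
        ansible_winrm_scheme: https
        ansible_port: 5986
        # Verify the listener certificate instead of ignoring it.
        ansible_winrm_server_cert_validation: validate
        # UPN form; the realm is written in upper case.
        ansible_user: svc_ansible@EXAMPLE.COM
        # Ansible runs kinit itself to obtain the ticket.
        ansible_winrm_kinit_mode: managed
        # Credential delegation stays off unless a task needs a second hop.
        ansible_winrm_kerberos_delegation: false
        # ansible_password: load from Ansible Vault, not inline
```

Running `ansible windows_kerberos -i inventory.yml -m ansible.windows.win_ping` confirms that the control node can obtain a ticket and authenticate.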
Various Ansible Authentication Options
- For the steps needed to install Kerberos packages in Windows via Cygwin, see https://techdirectarchive.com/2020/03/14/kerberos-setup-in-windows-cygwin/
- For the steps to configure Kerberos for Ansible authentication, see https://techdirectarchive.com/2020/03/14/configuring-kerberos-for-ansible-authentication/
- For more on Kerberos, see https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#kerberos
- For basic Ansible authentication, see the following link