Configuration Management Tool

Various Ansible Authentication Options

It is worth knowing that proper configuration of the authentication is paramount to communicating properly with the target hosts. There are various authentication methods that are possible when authenticating with an account via a local or domain-based account.


User authentication via Active Directory (AD), also referred to as authentication through Kerberos is my chosen option.

Why employ Kerberos?

Domain based authentication uses Kerberos authentication and this is supported by Windows Active Directory Services. Kerberos authentication with Windows Server environments uses the central user authentication that Active Directory supplies to configure and manage your Windows Server resources. This permits also greater level of trust for the WinRM connections to the remote Servers that are built in when using Active Directory credentials.

Note: Kerberos is the recommended authentication option to use when running in a domain environment. Kerberos supports features like credential delegation and message encryption over HTTP and is one of the more secure options that are available through WinRM.

Domain Authentication: Employs Kerberos authentication which is supported with Microsoft Active Directory Services and this allows the creation of a more reliable WinRM communication between the Ansible Server and Remote machines.

For steps needed to how to install Kerberos packages in Windows via Cygwin, see

For steps to configuring Kerberos for Ansible Authentication, see

For more on Kerberos, see

For basic Ansible authentication, see the following link

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x