WinRM & Ansible: Ways of authentication and encryption
With Ansible, you can configure a variety of systems in an easy way. Most companies use it to manage their Linux-based systems.
For Windows-based systems this practice is not yet very common; the use of Ansible on Windows is still an exception. However, the hurdle for system administrators is more mental than technical, because Windows has everything necessary to be configured and managed with Ansible. With the tool “WinRM”, which is included in Windows, this is easily possible without additional software installations.
In this blog entry, we would like to show you which authentication options Ansible uses to log on to Windows systems. In addition, options for encrypting communication are shown.
Three options for authentication and encryption will be briefly introduced here:
1: Basic Authentication
On the target system, a local user is used for logon. Password and data are transferred unencrypted via HTTP.
2: Domain user authentication
A domain user account is used for logon. Authentication takes place via Kerberos. The user data is still transmitted unencrypted via HTTP.
3: Certificate-based authentication
A prerequisite is that the target system has its own server certificate. In this case, both the logon and the data are transferred encrypted via HTTPS.
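The three options above can be expressed as Ansible inventory connection variables, as in the following sketch. This is an added example, not part of the original post; the host names, account names, vault variables and certificate paths are constructed placeholders.

```yaml
# Constructed inventory: hosts, accounts, vault variables and paths are placeholders.
all:
  children:
    winrm_basic:              # Option 1: local user, Basic authentication over HTTP
      hosts:
        win-basic.example.test:
      vars:
        ansible_connection: winrm
        ansible_winrm_transport: basic
        ansible_winrm_scheme: http
        ansible_port: 5985    # default WinRM HTTP listener
        ansible_user: ansible_local
        ansible_password: "{{ vault_win_local_password }}"

    winrm_kerberos:           # Option 2: domain user, Kerberos over HTTP
      hosts:
        win-krb.example.test:
      vars:
        ansible_connection: winrm
        ansible_winrm_transport: kerberos
        ansible_winrm_scheme: http
        ansible_port: 5985
        ansible_user: ansible_svc@EXAMPLE.TEST
        ansible_password: "{{ vault_win_domain_password }}"

    winrm_certificate:        # Option 3: certificate authentication over HTTPS
      hosts:
        win-cert.example.test:
      vars:
        ansible_connection: winrm
        ansible_winrm_transport: certificate
        ansible_winrm_scheme: https
        ansible_port: 5986    # default WinRM HTTPS listener
        # Client certificate and key that Ansible presents for logon
        ansible_winrm_cert_pem: /etc/ansible/certs/ansible_client.pem
        ansible_winrm_cert_key_pem: /etc/ansible/certs/ansible_client.key
        # Verify the target's server certificate against this CA
        ansible_winrm_ca_trust_path: /etc/ansible/certs/ca.pem
        ansible_winrm_server_cert_validation: validate
```

Keeping the passwords in Ansible Vault variables avoids storing them in the inventory in clear text.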