Only try kerberos auth when username contains `@` and pass realm to pywinrm.…

Only try kerberos auth when username contains `@` and pass realm to pywinrm. Alternative to #10644, fixes #10577.

Only try kerberos auth when username contains `@` and pass realm to pywinrm.…
Only try kerberos auth when username contains `@` and pass realm to pywinrm. Alternative to #10644, fixes #10577.
1cbc4570 · Chris Church · Brian Coca · baa6426c · 1cbc4570
Commit 1cbc4570 authored Apr 09, 2015 by Chris Church Committed by Brian Coca Apr 16, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

lib/ansible/runner/connection_plugins/winrm.py
+7 -2

No files found.
--- a/lib/ansible/runner/connection_plugins/winrm.py
+++ b/lib/ansible/runner/connection_plugins/winrm.py
@@ -80,13 +80,18 @@ class Connection(object):
        netloc = '%s:%d' % (self.host, port)
        exc = None
        for transport, scheme in self.transport_schemes['http' if port == 5985 else 'https']:
-            if transport == 'kerberos' and not HAVE_KERBEROS:
+            if transport == 'kerberos' and (not HAVE_KERBEROS or not '@' in self.user):
                continue
+            if transport == 'kerberos':
+                realm = self.user.split('@', 1)[1].strip() or None
+            else:
+                realm = None
            endpoint = urlparse.urlunsplit((scheme, netloc, '/wsman', '', ''))
            vvvv('WINRM CONNECT: transport=%s endpoint=%s' % (transport, endpoint),
                 host=self.host)
            protocol = Protocol(endpoint, transport=transport,
-                                username=self.user, password=self.password)
+                                username=self.user, password=self.password,
+                                realm=realm)
            try:
                protocol.send_message('')
                return protocol