aws-lambda-powershell-runtime
aws-lambda-powershell-runtime copied to clipboard
awslabs
Add `PSWSMan` and document PowerShell remoting to Windows hosts
Resolves #22 Resolves #3
My original comment https://github.com/awslabs/aws-lambda-powershell-runtime/issues/22#issuecomment-1967776323 turned out to be partially wrong. It seems we can get remoting working quite nicely with Kerberos using only PSWSMan, which is a very small add.
I've written up some documentation which I stuck in a separate readme.
This is in the first commit: https://github.com/awslabs/aws-lambda-powershell-runtime/pull/32/commits/678e584119597cd3a4a610b48f61121a90bce878
TODOs:
- [x] Pin
PSWSManmodule version (at least to major version)
For NTLM, I believe we need https://github.com/gssapi/gss-ntlmssp and as far as I can tell there are no pre-built binaries. I was able to get it built from source in al2023, but installing it brings in a lot of other dependencies and adds a few hundred MB to the image size.
As a result, I built is a new image so that it could be used more optionally.
That work is in the second commit: https://github.com/awslabs/aws-lambda-powershell-runtime/pull/32/commits/b9cfde3d1707c27aa549c82c10215b7d138b7b21
The thing is, I can't actually get NTLM auth working.
If we try in the original runtime for example (or even the one with PSWSMan) to use NTLM auth with credentials like DOMAIN\user, it fails pretty quickly with an error like this:
OpenError: [server01.ad.contoso.com] Connecting to remote server server01.ad.contoso.com failed with the following error message : acquiring creds with username only failed No credentials were supplied, or the credentials were unavailable or inaccessible SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.
If I use the image above with gss-ntlmssp installed, it just hangs forever, so.. it changed something, but I get no output at all so I'm pretty stuck.
We can split this into two PRs, or maybe the community can come up with an answer for the NTLM stuff. I wonder if @jborean93 might have any ideas? 👀
Let me know what you all think!
