aws-lambda-powershell-runtime
Add `PSWSMan` and document PowerShell remoting to Windows hosts
Resolves #22 Resolves #3
My original comment https://github.com/awslabs/aws-lambda-powershell-runtime/issues/22#issuecomment-1967776323 turned out to be partially wrong. It seems we can get remoting working quite nicely with Kerberos using only `PSWSMan`, which is a very small add.
I've written up some documentation which I stuck in a separate readme.
This is in the first commit: https://github.com/awslabs/aws-lambda-powershell-runtime/pull/32/commits/678e584119597cd3a4a610b48f61121a90bce878
TODOs:
- [x] Pin `PSWSMan` module version (at least to major version)
For NTLM, I believe we need https://github.com/gssapi/gss-ntlmssp and as far as I can tell there are no pre-built binaries. I was able to get it built from source in al2023, but installing it brings in a lot of other dependencies and adds a few hundred MB to the image size.
As a result, I built it as a new image so that it could be used more optionally.
That work is in the second commit: https://github.com/awslabs/aws-lambda-powershell-runtime/pull/32/commits/b9cfde3d1707c27aa549c82c10215b7d138b7b21
The thing is, I can't actually get NTLM auth working.
If we try in the original runtime for example (or even the one with `PSWSMan`) to use NTLM auth with credentials like `DOMAIN\user`, it fails pretty quickly with an error like this:
```
OpenError: [server01.ad.contoso.com] Connecting to remote server server01.ad.contoso.com failed with the following error message : acquiring creds with username only failed No credentials were supplied, or the credentials were unavailable or inaccessible SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.
```
If I use the image above with `gss-ntlmssp` installed, it just hangs forever, so... it changed something, but I get no output at all so I'm pretty stuck.
We can split this into two PRs, or maybe the community can come up with an answer for the NTLM stuff. I wonder if @jborean93 might have any ideas? 👀
Let me know what you all think!