rundeck-winrm-plugin icon indicating copy to clipboard operation
rundeck-winrm-plugin copied to clipboard

Published 20 hours ago verified publisher icon rundeck-plugins

Winrm double hop issue

Open atahir opened this issue 10 years ago • 10 comments

Hi,

Has anyone come across the windows double-hop issue using the winrm plugin.

Is it possible to enable CredSSP for this plugin? or is it possible to pass through some additional information to allow delegation of credentials?

Thanks, Anjam

atahir avatar Jun 24 '14 09:06 atahir

Did you get it to work ? any hints ?

alphacc avatar Sep 05 '14 09:09 alphacc

I've run across the double-hop issue as well; so I'm also wondering if the plugin supports CredSSP. There dosen't seem to be any mention of it in the documentation, so I'm assuming the answer is 'no'. It would be a useful feature to have though.

bodinewilson avatar Sep 24 '14 23:09 bodinewilson

it doesn't support credSSP. We use a library called Overthere to perform the Winrm protocol functions, they have a similar issue filed https://github.com/xebialabs/overthere/issues/78

until Overthere supports it it won't be possible

gschueler avatar Sep 25 '14 18:09 gschueler

Hi, @gschueler! I'm running smack into this issue right now, and I'm wondering if there's a workaround for this, or if it's a legitimate brick wall. Thanks!

iresprite avatar Jul 06 '15 17:07 iresprite

So it looks like this is now possible if it is running on Windows via use of WINRM_NATIVE in Overthere. Is it possible to have the winrm plugin use WINRM_NATIVE if rundeck is running on Windows?

ghost avatar Jun 01 '16 14:06 ghost

Has there been any movement on this? I'm on a Linux based Rundeck server and am faced with the double hop issue - I'm running a job that executes winrm commands on a remote windows client that needs to execute commands on yet another windows client.

ChrisPr1 avatar Jan 10 '17 19:01 ChrisPr1

@gschueler Would it be possible to replace the Overthere library with another library that supports CredSSP? Or would that be too tricky - or big change?

lw-schick avatar Jan 18 '17 13:01 lw-schick

@lw-schick replacing overthere is possible, however if you were to do that, it's probably just as easy to create a new plugin using the other library

gschueler avatar Jan 18 '17 18:01 gschueler

@lw-schick you should also look at https://github.com/NetDocuments/rd-winrm-plugin

ahonor avatar Jan 18 '17 18:01 ahonor

@gschueler Thanks for the tip, but I don't think I will be able doing that. I am not a ruby programmer...

@ahonor I know this plugin, but that has the same problem. It uses a ruby library with no support for CredSSP. There is an issue that links to https://github.com/WinRb/winrm-elevated which does the trick - but that is no RunDeck plugin and I have no clue how that could be implemented in RunDeck.

... maybe some of you guys have an idea.

lw-schick avatar Jan 19 '17 07:01 lw-schick