brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cloudsoftreleaser <>
Subject [GitHub] brooklyn-docs pull request: Details about using CredSSP in Windows
Date Sat, 26 Mar 2016 21:38:46 GMT
Github user cloudsoftreleaser commented on a diff in the pull request:
    --- Diff: guide/yaml/winrm/ ---
    @@ -289,11 +289,24 @@ When a script is run over WinRM, the credentials under which the
script are run
     solution is to obtain a new set of credentials within the script and use those credentials
     required commands.
    -Certain Windows registry keys must be reconfigured in order to support re-authentication.
    -clouds that support an init script, Brooklyn can take care of this at instance boot time,
as part 
    -of the setup script. For clouds where an init script is not (currently) supported, such
as Azure, 
    -it is assumed that the VM is already correctly configured. Please ensure that Brooklyn's
    -are compatible with your organisation's security policy.
    +The WinRM client uses Negotiate+NTLM to authenticate against the machine.
    +This mechanism applies certain restrictions to executing commands on the windows host.
    +For this reason you should enable CredSSP on the windows host which grants all privileges
available to the user.
    +To use `Invoke-Command -Authentication CredSSP` the Windows Machine has to have:
    +- Up and running WinRM over http
    --- End diff --
    @bostko I thought we were using https with winrm4j now. Are we using http just for this?
So do we enable both? Or just one of them?
    In separate communication, you said about an error for MSSQL@Azure: `NoSuchElementException:
could not connect to any socket in [,]`. That is the https
port, so I assumed we were using https.

If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.

View raw message