chef / knife-windows

Plugin for Chef's knife tool for working with Windows nodes
Apache License 2.0

Feature: knife-windows should support --no-encryption flag #304

Closed chefsalim closed 9 years ago

chefsalim commented 9 years ago

This change adds a new '--no-encryption' flag that can be specified with 'knife winrm' and 'knife bootstrap windows winrm'. If this flag is set, it sets the transport to be 'plaintext', and turns off SSPI negotiation. This flag is not compatible with the winrm transport set to 'ssl' - it will emit an error and exit in that case.

btm commented 9 years ago

Is there an issue filed for this? What's the use case? Is this just a shortcut for --winrm-authentication-protocol basic --winrm-transport plaintext that also turns off any messages telling you that you shouldn't do that?

mwrock commented 9 years ago

I think I have the same questions as @btm. It does not look like this alters functionality and I think adding another argument to the mix makes the winrm auth story more confusing.

adamedx commented 9 years ago

Here's the repro scenario -- let me know if it doesn't repro for you :) :smile:

  1. User has a Windows image where they have changed a default winrm setting -- the wsman:localhost\service\allowunencrypted to true
  2. User tries to use knife-windows to bootstrap it from a MacOS node using the plaintext protocol

If you try this with knife-windows 0.8.6, it works. But on 1.0.0, it won't, because knife-windows 1.0.0 raises an error that says using negotiate is not supported over plaintext on non-Windows systems.

adamedx commented 9 years ago

Hmm, it looks like we don't actually fail anymore, we warn -- this was fixed by @mwrock: https://github.com/chef/knife-windows/commit/9c62bc4e87c1d81d58c8be1b1bac3ae3b172e4e7. So the question is whether we should fail and require the specification of that flag, or just let the warning happen.

WARNING: You are using '--winrm-authentication-protocol negotiate' with '--winrm-transport plaintext' on a non-Windows system which results in unencrypted traffic. To avoid this warning and secure communication, use '--winrm-transport ssl' instead of the plaintext transport, or execute this command from a Windows system which enables encrypted communication over plaintext with the negotiate authentication protocol.
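The option rules debated in this thread (the proposed `--no-encryption` flag from the opening comment, and the negotiate-over-plaintext warning quoted above) as one small validator. This is an added illustration, not knife-windows code; the function and option names are assumptions.

```ruby
# Added example (not knife-windows code): encodes the transport/auth
# compatibility rules discussed in this PR so the outcome of a given
# knife winrm option set can be reasoned about before anything is sent.
WinrmCheck = Struct.new(:level, :message, :transport, :auth)

# transport:     :plaintext or :ssl (--winrm-transport)
# auth:          :negotiate or :basic (--winrm-authentication-protocol)
# host_windows:  true when knife itself runs on Windows, where SSPI is available
# no_encryption: the --no-encryption flag proposed in #304 (assumed semantics
#                taken from the opening comment: force plaintext, disable SSPI)
def check_winrm_options(transport:, auth: :negotiate, host_windows: false, no_encryption: false)
  if no_encryption
    if transport == :ssl
      # The proposal says this combination is an error that exits.
      return WinrmCheck.new(:error,
        "--no-encryption is not compatible with --winrm-transport ssl",
        transport, auth)
    end
    # Otherwise the flag forces the plaintext transport and turns off negotiate.
    transport = :plaintext
    auth = :basic
  end

  if transport == :ssl
    return WinrmCheck.new(:ok, "traffic protected by TLS", transport, auth)
  end

  if auth == :negotiate && host_windows
    # Negotiate over plaintext still encrypts at the message level on Windows,
    # which is why the 1.0.0 warning only applies to non-Windows systems.
    return WinrmCheck.new(:ok,
      "negotiate provides message-level encryption on Windows",
      transport, auth)
  end

  # Every remaining plaintext combination sends credentials and payloads in the clear.
  WinrmCheck.new(:warn,
    "unencrypted traffic: use --winrm-transport ssl or run from a Windows system",
    transport, auth)
end
```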

btm commented 9 years ago

This turned out to effectively be a duplicate of #280, which has already been fixed.