archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added possibility to disable basic auth (#33224)

Browse Source
pull/34336/head
Erwan Quélin 7 years ago committed by Jordan Borean
parent 32929f916a
commit e3b49a7aeb
1 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File

38
examples/scripts/ConfigureRemotingForAnsible.ps1
Unescape Escape View File

@ -21,6 +21,8 @@
# #
# Use option -EnableCredSSP to enable CredSSP as an authentication option. # Use option -EnableCredSSP to enable CredSSP as an authentication option.
# #
# Use option -DisableBasicAuth to disable basic authentication.
#
# Use option -SkipNetworkProfileCheck to skip the network profile check. # Use option -SkipNetworkProfileCheck to skip the network profile check.
# Without specifying this the script will only run if the device's interfaces # Without specifying this the script will only run if the device's interfaces
# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable # are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable
@ -36,6 +38,7 @@
# Updated by Nicolas Simond <contact@nicolas-simond.com> # Updated by Nicolas Simond <contact@nicolas-simond.com>
# Updated by Dag Wieërs <dag@wieers.com> # Updated by Dag Wieërs <dag@wieers.com>
# Updated by Jordan Borean <jborean93@gmail.com> # Updated by Jordan Borean <jborean93@gmail.com>
# Updated by Erwan Quélin <erwan.quelin@gmail.com>
# #
# Version 1.0 - 2014-07-06 # Version 1.0 - 2014-07-06
# Version 1.1 - 2014-11-11 # Version 1.1 - 2014-11-11
@ -44,6 +47,7 @@
# Version 1.4 - 2017-01-05 # Version 1.4 - 2017-01-05
# Version 1.5 - 2017-02-09 # Version 1.5 - 2017-02-09
# Version 1.6 - 2017-04-18 # Version 1.6 - 2017-04-18
# Version 1.7 - 2017-11-23
# Support -Verbose option # Support -Verbose option
[CmdletBinding()] [CmdletBinding()]
@ -54,8 +58,9 @@ Param (
[switch]$SkipNetworkProfileCheck, [switch]$SkipNetworkProfileCheck,
$CreateSelfSignedCert = $true, $CreateSelfSignedCert = $true,
[switch]$ForceNewSSLCert, [switch]$ForceNewSSLCert,
[switch]$EnableCredSSP, [switch]$GlobalHttpFirewallAccess,
[switch]$GlobalHttpFirewallAccess [switch]$DisableBasicAuth = $false,
[switch]$EnableCredSSP
) )
Function Write-Log Function Write-Log
@ -309,16 +314,33 @@ Else
} }
# Check for basic authentication. # Check for basic authentication.
$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"} $basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object {$_.Name -eq "Basic"}
If (($basicAuthSetting.Value) -eq $false)
If ($DisableBasicAuth)
{ {
Write-Verbose "Enabling basic auth support." If (($basicAuthSetting.Value) -eq $true)
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true {
Write-Log "Enabled basic auth support." Write-Verbose "Disabling basic auth support."
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false
Write-Log "Disabled basic auth support."
}
Else
{
Write-Verbose "Basic auth is already disabled."
}
} }
Else Else
{ {
Write-Verbose "Basic auth is already enabled." If (($basicAuthSetting.Value) -eq $false)
{
Write-Verbose "Enabling basic auth support."
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
Write-Log "Enabled basic auth support."
}
Else
{
Write-Verbose "Basic auth is already enabled."
}
} }
# If EnableCredSSP if set to true # If EnableCredSSP if set to true

Write Preview
Loading…
Cancel
Save