-
Notifications
You must be signed in to change notification settings - Fork 264
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kerberos does not support message encryption #300
Comments
You need to ensure you have the latest version or pykerberos (or winkerberos if you are running on a Windows host). To verify you have the proper version installed you can run |
I running on windows server 2012r2
am i miss something ? do i need another or different library ? |
Looking at the code, the GSS wrapping functions were only implemented in pykerberos which is the library used on Linux. The winkerberos library would need to be updated to implement that function so pywinrm can use it. You could look into pypsrp if you are interested as that has Kerberos message encryption implemented for both Linux and Windows (it uses a different set of libraries). Otherwise you would need to use a HTTPS listener to avoid the encryption check or just use the builtin tools for Windows. |
I had the same problem as sehot. Thanks for the hint with: |
macOS is returning |
macOS is another special beast where they use their own variant of Heimdal for GSSAPI but the wrapping functions required for Kerberos message encryption aren't exposed publicly. I had to do some special shenanigns to get it working for python-gssapi pythongssapi/python-gssapi#210 and even then I never continued forward with it because of packaging problems. A similar thing would have to happen with pykerberos to dynamically load the The problems here exist in another project and not pywinrm so I'm going to close this issue. |
Hi
i'm trying to use winrm with kerberos and message encryption over http
i'm getting this error :
winrm.exceptions.WinRMError: message encryption is set to 'always' but the selected auth method kerberos does not support it
i working on windows server and i have the latest winrm .
if i disable message encryption and allow Unencrypted on host - it is work , but i don't want to do that. i prefer to work with encrypted message.
what am i missing ?
The text was updated successfully, but these errors were encountered: