ries: description: - The number of retries on connection errors. type: int vars: - name: ansible_psrp_reconnection_retries default: 0 version_added: '2.8' reconnection_backoff: description: - The backoff time to use in between reconnection attempts. (First sleeps X, then sleeps 2*X, then sleeps 4*X, ...) - This is measured in seconds. - The C(ansible_psrp_reconnection_backoff) variable was added in Ansible 2.9. type: int vars: - name: ansible_psrp_connection_backoff - name: ansible_psrp_reconnection_backoff default: 2 version_added: '2.8' message_encryption: description: - Controls the message encryption settings, this is different from TLS encryption when I(ansible_psrp_protocol) is C(https). - Only the auth protocols C(negotiate), C(kerberos), C(ntlm), and C(credssp) can do message encryption. The other authentication protocols only support encryption when C(protocol) is set to C(https). - C(auto) means means message encryption is only used when not using TLS/HTTPS. - C(always) is the same as C(auto) but message encryption is always used even when running over TLS/HTTPS. - C(never) disables any encryption checks that are in place when running over HTTP and disables any authentication encryption processes. type: str vars: - name: ansible_psrp_message_encryption choices: - auto - always - never default: auto proxy: description: - Set the proxy URL to use when connecting to the remote host. vars: - name: ansible_psrp_proxy type: str ignore_proxy: description: - Will disable any environment proxy settings and connect directly to the remote host. - This option is ignored if C(proxy) is set. vars: - name: ansible_psrp_ignore_proxy type: bool default: false # auth options certificate_key_pem: description: - The local path to an X509 certificate key to use with certificate auth. type: path vars: - name: ansible_psrp_certificate_key_pem certificate_pem: description: - The local path to an X509 certificate to use with certificate auth. type: path vars: - name: ansible_psrp_certificate_pem credssp_auth_mechanism: description: - The sub authentication mechanism to use with CredSSP auth. - When C(auto), both Kerberos and NTLM is attempted with kerberos being preferred. type: str choices: - auto - kerberos - ntlm default: auto vars: - name: ansible_psrp_credssp_auth_mechanism credssp_disable_tlsv1_2: description: - Disables the use of TLSv1.2 on the CredSSP authentication channel. - This should not be set to C(yes) unless dealing with a host that does not have TLSv1.2. default: false type: bool vars: - name: ansible_psrp_credssp_disable_tlsv1_2 credssp_minimum_version: description: - The minimum CredSSP server authentication version that will be accepted. - Set to C(5) to ensure the server has been patched and is not vulnerable to CVE 2018-0886. default: 2 type: int vars: - name: ansible_psrp_credssp_minimum_version negotiate_delegate: description: - Allow the remote user the ability to delegate it's credentials to another server, i.e. credential delegation. - Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication. - Ignored when NTLM was the negotiated auth. type: bool vars: - name: ansible_psrp_negotiate_delegate negotiate_hostname_override: description: - Override the remote hostname when searching for the host in the Kerberos lookup. - This allows Ansible to connect over IP but authenticate with the remote server using it's DNS name. - Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication. - Ignored when NTLM was the negotiated auth. type: str vars: - name: ansible_psrp_negotiate_hostname_override negotiate_send_cbt: description: - Send the Channel Binding Token (CBT) structure when authenticating. - CBT is used to provide extra protection against Man in the Middle C(MitM) attacks by binding the outer transport channel to the auth channel. - CBT is not used when using just C(HTTP), only C(HTTPS). default: true type: bool vars: - name: ansible_psrp_negotiate_send_cbt negotiate_service: description: - Override the service part of the SPN used during Kerberos authentication. - Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication. - Ignored when NTLM was the negotiated auth. default: WSMAN type: str vars: - name: ansible_psrp_negotiate_service # protocol options operation_timeout: description: - Sets the WSMan timeout for each operation. - This is measured in seconds. - This should not exceed the value for C(connection_timeout). type: int vars: - name: ansible_psrp_operation_timeout default: 20 max_envelope_size: description: - Sets the maximum size of each WSMan message sent to the remote host. - This is measured in bytes. - Defaults to C(150KiB) for compatibility with older hosts. type: int vars: - name: ansible_psrp_max_envelope_size default: 153600 configuration_name: description: - The name of the PowerShell configuration endpoint to connect to. type: str vars: - name: ansible_psrp_configuration_name default: Microsoft.PowerShell N)