Support NTLM for WinRM communicators.

[joekhoobyar]

Some customers prohibit any basic or digest authentication methods over WinRM.

This is a simple patch to add NTLM (kerberos) support for WinRM connections, modeled after packer's support for the same.

When testing functionality, I ran the following on the host to disable all insecure auth:

winrm set winrm/config/client/auth '@{Basic="false"}'
winrm set winrm/config/client/auth '@{Digest="false"}'
winrm set winrm/config/service/auth '@{Basic="false"}'

Then, I tested it with the unpatched Terraform to verify that it locked me out. (It did)
Finally, I tested it with the patched Terraform to verify that it let me in. (It did)

[joekhoobyar]

Fixes #16007

[joekhoobyar]

Mitigates #15571

[jbardin]

Thanks @joekhoobyar!

[nicknameyu]

Hi There, I was following below link and came to this page. #15571
I got the same issue connecting the new built windows VM through winrm. winrm https service is enabled with a self-signed certificate, Want to understand what configuration should be setup for terraform to connect to the VM. Configuration tried as blow:

  provisioner "remote-exec" {
    inline = [
      "md c:/temp",
    ]
        connection {
        type     = "winrm"
        host     = "${azurerm_network_interface.vmstamp.private_ip_address}"
        https    = true
        insecure = true
        port     = "5986"
        user     = "${var.admin_username}"
        password = "${var.admin_password}"
        use_ntlm = true
        timeout  = "1m"
  }

 }

Tried both use_ntlm = true and false. Can you help?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.