I just released knife-windows 1.2.0 and it is now available on rubygems. This release rides on the heels of last week’s WinRM gem 1.6.0 release adding NTLM/Negotiate authentication and encryption as an added transport option and supported on both linux and windows.
While previous versions of knife-windows monkey patched winrm with the winrm-s gem for its negotiate auth/encryption support. winrm-s levereged native win32 APIs and was therefore only loaded on windows workstations. Winrm 1.6 leverages the rubyntlm gem which is a pure ruby implementation working on both linux and windows.
If interested, you can read more about the winrm 1.6 release and a general discussion of cross-platform winrm authentication dilemmas in this post.
Its important to note that this brings no changes to the knife windows command interfaces and requires no change on your part as consumers of those commands. It simply means that if you are using
knife winrm or
knife bootstrap windows winrm on linux, negotiate authentication and encryption are used by default when using HTTP.
This also means that if you preconfigure node images with winrm configuration settings that enable basic authentication and allow unencrypted traffic, you can and should just stop that. I have pending PRs into Test-Kitchen and Vagrant as well to remove those requirements for test scenarios as well.