CredSSP sends the user account's password across the wire, but it is 
definitely not in the clear. It is "wrapped", which means it's encrypted and 
the Windows host can decrypt the value. This is unlike other authentication 
formats where typically only a hash or shared secret known only to the 
client and server is exchanged. So in that sense, CredSSP is not as secure 
as, say, Kerberos, but the advantage is that the remote process can now use 
those credentials for further authentication and bypass the double hop problem.

Ultimately it's a trade-off with what you need. If you are in a domain 
environment, you should be using Kerberos. If it's local accounts, then you 
should be using HTTPS at least, then either NTLM or CredSSP depending on 
your needs.

Thanks

Jordan
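
The advice above expressed as Ansible WinRM connection variables, as an added example that is not part of the original message. Host names, group names, account names and the vault variable are constructed placeholders.

```yaml
# Constructed inventory illustrating the transport choice per host type.
all:
  children:
    # Domain-joined hosts: Kerberos, so no password is sent to the target.
    domain_joined:
      hosts:
        app01.corp.example.com:        # placeholder host
      vars:
        ansible_connection: winrm
        ansible_winrm_transport: kerberos
        ansible_winrm_scheme: https
        ansible_port: 5986
        ansible_user: svc_ansible@CORP.EXAMPLE.COM   # placeholder principal

    # Local accounts: Kerberos is unavailable, so require HTTPS and then
    # pick NTLM or CredSSP depending on whether a second hop is needed.
    local_accounts:
      hosts:
        standalone01.example.com:      # placeholder host
      vars:
        ansible_connection: winrm
        ansible_winrm_scheme: https
        ansible_port: 5986
        # Keep certificate validation on so the wrapped credential is only
        # delivered to the host you intended to reach.
        ansible_winrm_server_cert_validation: validate
        # credssp: the remote host can decrypt and reuse the password
        # (solves the double hop). Use ntlm instead when the play never
        # authenticates onward from the target.
        ansible_winrm_transport: credssp
        ansible_user: localadmin       # placeholder account
        ansible_password: "{{ vault_standalone_password }}"  # placeholder vault variable
```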
