| Parameter | Choices/Defaults | Configuration | Comments | 
                
                                                            | auth 
                    string
                                                                 | Choices:
                                                                                                                                                            basiccertificatenegotiate ←kerberosntlmcredssp | var: ansible_psrp_auth | The authentication protocol to use when authenticating the remote user. The default, negotiate, will attempt to useKerberosif it is available and fall back toNTLMif it isn't. | 
                            
                                                            | ca_cert 
                    path
                                                                 |  | var: ansible_psrp_cert_trust_path var: ansible_psrp_ca_cert | The path to a PEM certificate chain to use when validating the server's certificate. This value is ignored if cert_validation is set to ignore. aliases: cert_trust_path
 | 
                            
                                                            | cert_validation 
                    string
                                                                 | Choices:
                                                                                                                                                            validate ←ignore | var: ansible_psrp_cert_validation | Whether to validate the remote server's certificate or not. Set to ignoreto not validate any certificates. ca_cert can be set to the path of a PEM certificate chain to use in the validation. | 
                            
                                                            | certificate_key_pem 
                    path
                                                                 |  | var: ansible_psrp_certificate_key_pem | The local path to an X509 certificate key to use with certificate auth. | 
                            
                                                            | certificate_pem 
                    path
                                                                 |  | var: ansible_psrp_certificate_pem | The local path to an X509 certificate to use with certificate auth. | 
                            
                                                            | configuration_name 
                    string
                                                                 | Default: 
 "Microsoft.PowerShell" | var: ansible_psrp_configuration_name | The name of the PowerShell configuration endpoint to connect to. | 
                            
                                                            | connection_timeout 
                    integer
                                                                 | Default: 
 30 | var: ansible_psrp_connection_timeout | The connection timeout for making the request to the remote host. This is measured in seconds. | 
                            
                                                            | credssp_auth_mechanism 
                    string
                                                                 | Choices:
                                                                                                                                                            auto ←kerberosntlm | var: ansible_psrp_credssp_auth_mechanism | The sub authentication mechanism to use with CredSSP auth. When auto, both Kerberos and NTLM is attempted with kerberos being preferred. | 
                            
                                                            | credssp_disable_tlsv1_2 
                    boolean
                                                                 |  | var: ansible_psrp_credssp_disable_tlsv1_2 | Disables the use of TLSv1.2 on the CredSSP authentication channel. This should not be set to yesunless dealing with a host that does not have TLSv1.2. | 
                            
                                                            | credssp_minimum_version 
                    integer
                                                                 | Default: 
 2 | var: ansible_psrp_credssp_minimum_version | The minimum CredSSP server authentication version that will be accepted. Set to 5to ensure the server has been patched and is not vulnerable to CVE 2018-0886. | 
                            
                                                            | ignore_proxy 
                    boolean
                                                                 |  | var: ansible_psrp_ignore_proxy | Will disable any environment proxy settings and connect directly to the remote host. This option is ignored if proxyis set. | 
                            
                                                            | max_envelope_size 
                    integer
                                                                 | Default: 
 153600 | var: ansible_psrp_max_envelope_size | Sets the maximum size of each WSMan message sent to the remote host. This is measured in bytes. Defaults to 150KiBfor compatibility with older hosts. | 
                            
                                                            | message_encryption 
                    string
                                                                 | Choices:
                                                                                                                                                            auto ←alwaysnever | var: ansible_psrp_message_encryption | Controls the message encryption settings, this is different from TLS encryption when ansible_psrp_protocol is https. Only the auth protocols negotiate,kerberos,ntlm, andcredsspcan do message encryption. The other authentication protocols only support encryption whenprotocolis set tohttps. automeans means message encryption is only used when not using TLS/HTTPS.
 alwaysis the same asautobut message encryption is always used even when running over TLS/HTTPS.
 neverdisables any encryption checks that are in place when running over HTTP and disables any authentication encryption processes.
 | 
                            
                                                            | negotiate_delegate 
                    boolean
                                                                 |  | var: ansible_psrp_negotiate_delegate | Allow the remote user the ability to delegate it's credentials to another server, i.e. credential delegation. Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication. Ignored when NTLM was the negotiated auth. | 
                            
                                                            | negotiate_hostname_override 
                    string
                                                                 |  | var: ansible_psrp_negotiate_hostname_override | Override the remote hostname when searching for the host in the Kerberos lookup. This allows Ansible to connect over IP but authenticate with the remote server using it's DNS name. Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication. Ignored when NTLM was the negotiated auth. | 
                            
                                                            | negotiate_send_cbt 
                    boolean
                                                                 |  | var: ansible_psrp_negotiate_send_cbt | Send the Channel Binding Token (CBT) structure when authenticating. CBT is used to provide extra protection against Man in the Middle MitMattacks by binding the outer transport channel to the auth channel. CBT is not used when using just HTTP, onlyHTTPS. | 
                            
                                                            | negotiate_service 
                    string
                                                                 | Default: 
 "WSMAN" | var: ansible_psrp_negotiate_service | Override the service part of the SPN used during Kerberos authentication. Only valid when Kerberos was the negotiated auth or was explicitly set as the authentication. Ignored when NTLM was the negotiated auth. | 
                            
                                                            | operation_timeout 
                    integer
                                                                 | Default: 
 20 | var: ansible_psrp_operation_timeout | Sets the WSMan timeout for each operation. This is measured in seconds. This should not exceed the value for connection_timeout. | 
                            
                                                            | path 
                    string
                                                                 | Default: 
 "wsman" | var: ansible_psrp_path | The URI path to connect to. | 
                            
                                                            | port 
                    integer
                                                                 |  | var: ansible_port var: ansible_psrp_port | The port for PSRP to connect on the remote target. Default is 5986if protocol is not defined or ishttps, otherwise the port is5985. | 
                            
                                                            | protocol 
                    string
                                                                 |  | var: ansible_psrp_protocol | Set the protocol to use for the connection. Default is httpsif port is not defined or port is not5985. | 
                            
                                                            | proxy 
                    string
                                                                 |  | var: ansible_psrp_proxy | Set the proxy URL to use when connecting to the remote host. | 
                            
                                                            | read_timeout 
                    integer
                                                                 added in 2.8 | Default: 
 30 | var: ansible_psrp_read_timeout | The read timeout for receiving data from the remote host. This value must always be greater than operation_timeout. This option requires pypsrp >= 0.3. This is measured in seconds. | 
                            
                                                            | reconnection_backoff 
                    integer
                                                                 added in 2.8 | Default: 
 2 | var: ansible_psrp_connection_backoff var: ansible_psrp_reconnection_backoff | The backoff time to use in between reconnection attempts. (First sleeps X, then sleeps 2*X, then sleeps 4*X, ...) This is measured in seconds. The ansible_psrp_reconnection_backoffvariable was added in Ansible 2.9. | 
                            
                                                            | reconnection_retries 
                    integer
                                                                 added in 2.8 | Default: 
 0 | var: ansible_psrp_reconnection_retries | The number of retries on connection errors. | 
                            
                                                            | remote_addr 
                    string
                                                                 | Default: 
 "inventory_hostname" | var: ansible_host var: ansible_psrp_host | The hostname or IP address of the remote host. | 
                            
                                                            | remote_password 
                    string
                                                                 |  | var: ansible_password var: ansible_winrm_pass var: ansible_winrm_password | Authentication password for the remote_user. Can be supplied as CLI option. aliases: password
 | 
                            
                                                            | remote_user 
                    string
                                                                 |  | var: ansible_user var: ansible_psrp_user | The user to log in as. |