Untitled

server {
    listen 5986 default ssl;
    server_name localhost;

    ssl_certificate  ssl/nginx.crt;
    ssl_certificate_key ssl/nginx.key;

    location /host-c {
        proxy_pass https://host-c-address:5986/wsman;
    }
}

[windows]
host-c ansible_host=host-b ansible_winrm_path=host-c

ansible_user: myuser
ansible_pass: andmypass
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_realm: HOSTCDOMAIN.LOCAL
ansible_winrm_scheme: https
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore

fatal: [host-c]: FAILED! => {"failed": true, "msg": "ssl: 401 Unauthorized."}

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = HOSTCDOMAIN.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = false

[realms]
 AEBEL.LOCAL = {
  kdc = host-b
 }

[domain_realm]
 .hostcdomain.local = HOSTCDOMAIN.LOCAL

# kinit myuser@HOSTCDOMAIN.LOCAL
Password for myuser@HOSTCDOMAIN.LOCAL:

# klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: myuser@HOSTCDOMAIN.LOCAL

Valid starting       Expires              Service principal
03/12/2016 20:23:35  03/13/2016 06:23:35  krbtgt/HOSTCDOMAIN.LOCAL@HOSTCDOMAIN.LOCAL
    renew until 03/19/2016 20:23:31

e# ansible-playbook test_win.yml -vvv
Using /etc/ansible/ansible.cfg as config file
1 plays in test_win.yml

PLAY [Ping windows] ************************************************************

TASK [ping] ********************************************************************
task path: /etc/ansible/test_win.yml:5
<aebel-worker> ESTABLISH WINRM CONNECTION FOR USER: myuser on PORT 5986 TO host-b
fatal: [host-c]: FAILED! => {"failed": true, "msg": "kerberos: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))"}