diff --git a/playbooks/zm.yml b/playbooks/zm.yml
index 427911a..7330603 100644
--- a/playbooks/zm.yml
+++ b/playbooks/zm.yml
@@ -22,3 +22,25 @@
 
   roles:
     - base
+    - mod_auth_gssapi
+    - role: kerberos/keytab
+      keytab: /etc/httpd/httpd.keytab
+      principals: HTTP/zm.foo.sh@FOO.SH
+      group: apache
+    - zoneminder
+
+  tasks:
+    - name: require authentication for munin web
+      copy:
+        dest: /etc/httpd/conf.local.d/zoneminder-auth.conf
+        content: |
+          <Location /zm>
+            AuthType        GSSAPI
+            GssapiBasicAuth Off
+            AuthName        "Password Required"
+            Require         valid-user
+          </Location>
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      notify: restart apache