diff --git a/roles/mod_auth_gssapi/files/gssapi.conf b/roles/mod_auth_gssapi/files/gssapi.conf
new file mode 100644
index 0000000..4151dd8
--- /dev/null
+++ b/roles/mod_auth_gssapi/files/gssapi.conf
@@ -0,0 +1,3 @@
+<Location />
+  GssapiCredStore keytab:/etc/httpd/httpd.keytab
+</Location>
diff --git a/roles/mod_auth_gssapi/tasks/main.yml b/roles/mod_auth_gssapi/tasks/main.yml
index af7a825..333f537 100644
--- a/roles/mod_auth_gssapi/tasks/main.yml
+++ b/roles/mod_auth_gssapi/tasks/main.yml
@@ -6,8 +6,10 @@
   notify: restart apache
 
 - name: set keytab path
-  lineinfile:
-    path: /etc/sysconfig/httpd
-    regexp: "^KRB5_KTNAME=.*"
-    line: KRB5_KTNAME=/etc/httpd/httpd.keytab
+  copy:
+    dest: /etc/httpd/conf.local.d/00-gssapi.conf
+    src: gssapi.conf
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
   notify: restart apache