From 5d9bc1608f6b9798671565a8168485cff7ad1934 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 18 Mar 2021 00:28:33 +0000
Subject: [PATCH] mod_auth_gssapi: Fix keytab path config for CentOS 8

CentOS 8 doesn't apache doesn't read /etc/sysconfig/httpd anymore so
try to set keytab path location in apache config files.
---
 roles/mod_auth_gssapi/files/gssapi.conf |  3 +++
 roles/mod_auth_gssapi/tasks/main.yml    | 10 ++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 roles/mod_auth_gssapi/files/gssapi.conf

diff --git a/roles/mod_auth_gssapi/files/gssapi.conf b/roles/mod_auth_gssapi/files/gssapi.conf
new file mode 100644
index 0000000..4151dd8
--- /dev/null
+++ b/roles/mod_auth_gssapi/files/gssapi.conf
@@ -0,0 +1,3 @@
+<Location />
+  GssapiCredStore keytab:/etc/httpd/httpd.keytab
+</Location>
diff --git a/roles/mod_auth_gssapi/tasks/main.yml b/roles/mod_auth_gssapi/tasks/main.yml
index af7a825..333f537 100644
--- a/roles/mod_auth_gssapi/tasks/main.yml
+++ b/roles/mod_auth_gssapi/tasks/main.yml
@@ -6,8 +6,10 @@
   notify: restart apache
 
 - name: set keytab path
-  lineinfile:
-    path: /etc/sysconfig/httpd
-    regexp: "^KRB5_KTNAME=.*"
-    line: KRB5_KTNAME=/etc/httpd/httpd.keytab
+  copy:
+    dest: /etc/httpd/conf.local.d/00-gssapi.conf
+    src: gssapi.conf
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
   notify: restart apache