diff --git a/roles/mod_auth_gssapi/files/gssapi.conf b/roles/mod_auth_gssapi/files/gssapi.conf
deleted file mode 100644
index 4151dd8..0000000
--- a/roles/mod_auth_gssapi/files/gssapi.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-<Location />
-  GssapiCredStore keytab:/etc/httpd/httpd.keytab
-</Location>
diff --git a/roles/mod_auth_gssapi/tasks/main.yml b/roles/mod_auth_gssapi/tasks/main.yml
index 333f537..9c5e2f7 100644
--- a/roles/mod_auth_gssapi/tasks/main.yml
+++ b/roles/mod_auth_gssapi/tasks/main.yml
@@ -5,10 +5,18 @@
     state: installed
   notify: restart apache
 
+- name: create httpd service drop-in directory
+  file:
+    path: /etc/systemd/system/httpd.service.d
+    state: directory
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
 - name: set keytab path
   copy:
-    dest: /etc/httpd/conf.local.d/00-gssapi.conf
-    src: gssapi.conf
+    dest: /etc/systemd/system/httpd.service.d/keytab.conf
+    content: "[Service]\nEnvironment=KRB5_KTNAME=/etc/httpd/httpd.keytab\n"
     mode: 0644
     owner: root
     group: "{{ ansible_wheel }}"