From 5eda17494d6903929d804a776aef058ed84c5ece Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 18 Mar 2021 11:01:19 +0000
Subject: [PATCH] mod_auth_gssapi: Set keytab path in environment variables

---
 roles/mod_auth_gssapi/files/gssapi.conf |  3 ---
 roles/mod_auth_gssapi/tasks/main.yml    | 12 ++++++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)
 delete mode 100644 roles/mod_auth_gssapi/files/gssapi.conf

diff --git a/roles/mod_auth_gssapi/files/gssapi.conf b/roles/mod_auth_gssapi/files/gssapi.conf
deleted file mode 100644
index 4151dd8..0000000
--- a/roles/mod_auth_gssapi/files/gssapi.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-<Location />
-  GssapiCredStore keytab:/etc/httpd/httpd.keytab
-</Location>
diff --git a/roles/mod_auth_gssapi/tasks/main.yml b/roles/mod_auth_gssapi/tasks/main.yml
index 333f537..9c5e2f7 100644
--- a/roles/mod_auth_gssapi/tasks/main.yml
+++ b/roles/mod_auth_gssapi/tasks/main.yml
@@ -5,10 +5,18 @@
     state: installed
   notify: restart apache
 
+- name: create httpd service drop-in directory
+  file:
+    path: /etc/systemd/system/httpd.service.d
+    state: directory
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
 - name: set keytab path
   copy:
-    dest: /etc/httpd/conf.local.d/00-gssapi.conf
-    src: gssapi.conf
+    dest: /etc/systemd/system/httpd.service.d/keytab.conf
+    content: "[Service]\nEnvironment=KRB5_KTNAME=/etc/httpd/httpd.keytab\n"
     mode: 0644
     owner: root
     group: "{{ ansible_wheel }}"