diff --git a/playbooks/mail.yml b/playbooks/mail.yml
index dd3cfd0..5d1cd93 100644
--- a/playbooks/mail.yml
+++ b/playbooks/mail.yml
@@ -15,10 +15,6 @@
       principals:
         - "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
         - "smtp/{{ mail_server }}@{{ kerberos_realm }}"
-    - role: kerberos/keytab
-      keytab: /etc/dovecot/dovecot.keytab
-      principals:
-        - "imap/{{ mail_server }}@{{ kerberos_realm }}"
     - nfs-client
     - sssd
     - autofs
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
index 56aece0..1332dc6 100644
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -5,6 +5,14 @@
     name: dovecot
     state: installed
 
+- name: create kerberos keytab
+  include_role:
+    name: kerberos/keytab
+  vars:
+    keytab: /etc/dovecot/dovecot.keytab
+    principals:
+      - "imap/{{ mail_server }}@{{ kerberos_realm }}"
+
 - name: install privatekey
   copy:
     dest: "{{ tls_private }}/{{ mail_server }}.key"