diff --git a/roles/kerberos/kdc/meta/main.yml b/roles/kerberos/kdc/meta/main.yml
new file mode 100644
index 0000000..dfb9ccd
--- /dev/null
+++ b/roles/kerberos/kdc/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - {role: nginx/server}
+ - {role: gunicorn}
diff --git a/roles/kerberos/kdc/tasks/main.yml b/roles/kerberos/kdc/tasks/main.yml
index 4661884..9c53c9c 100644
--- a/roles/kerberos/kdc/tasks/main.yml
+++ b/roles/kerberos/kdc/tasks/main.yml
@@ -6,6 +6,7 @@
 with_items:
 - krb5-server
 - krb5-server-ldap
+ - python-kdcproxy

 - name: create kerberos config
 template:
@@ -33,3 +34,33 @@
 name: krb5kdc
 state: started
 enabled: true
+
+- name: create kdcproxy group
+ group:
+ name: kdcproxy
+ system: true
+
+- name: create kdcproxy user
+ user:
+ name: kdcproxy
+ comment: KDC Proxy
+ group: kdcproxy
+ groups: gunicorn
+ home: /var/empty
+ shell: /sbin/nologin
+ system: true
+
+- name: create kdcproxy socket file
+ copy:
+ dest: /lib/systemd/system/gunicorn@kdcproxy.socket
+ src: /lib/systemd/system/gunicorn@.socket
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ remote_src: true
+
+- name: enable kdcproxy socket
+ systemd:
+ name: gunicorn@kdcproxy.socket
+ enabled: true
+ state: started
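Review bot: These meta dependencies attach `nginx/server` and `gunicorn` to the `kerberos/kdc` role itself, so every host that receives the KDC also receives an HTTP front end and an application server, which widens the exposed surface of the machine holding the realm's keys, and the file carries no comment saying why. If co-location is intended, a comment such as `# kdcproxy is presumably served by gunicorn behind nginx; both must be present on the KDC host` would record the decision. Otherwise, moving the proxy tasks into a role of their own would allow the proxy to run on a separate host. As a style point, block form `- role: nginx/server` reads and diffs better than the flow mappings.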
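Review bot: The `enable kdcproxy socket` task starts `gunicorn@kdcproxy.socket` immediately after the preceding task writes that unit file, but nothing asks systemd to re-read its units, so on a first run the start may act on stale unit state; adding `daemon_reload: true` to the `systemd` task covers this. The unit is a verbatim copy of `gunicorn@.socket`, whose contents are not visible in this diff, so it is worth confirming that its `ListenStream=` is a unix socket reachable only by the nginx front end rather than a TCP listener that would sidestep it. `mode: 0644` depends on YAML 1.1 octal parsing; `mode: "0644"` stays correct regardless of the parser.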