diff --git a/README.md b/README.md
index 5ad9664fb8acd1c0d6608d84f330c84b7ee29b7c..f54024d8d544cc58da7ee56c748c23fb2da039a4 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,9 @@ Variables
 **ipaservers** - Group of IPA server hostnames.
  (list of strings, optional)
 
+**ipaadmin_keytab** - The path to the admin keytab used for alternative authentication.
+ (string, optional)
+
 **ipaclient_domain** - The primary DNS domain of an existing IPA deployment.
  (string, optional)
 
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index febc6398612920b301d8776c9fafae2ea3640f59..ff3f5f047e7de8237dbe6f8d7869eb89d5b20685 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -33,7 +33,7 @@
       state: present
       principal: "{{ ipaclient_principal | default('admin') }}"
       password: "{{ ipaclient_password | default(omit) }}"
-      keytab: "{{ ipaclient_keytab | default(omit) }}"
+      keytab: "{{ ipaadmin_keytab | default(omit) }}"
       fqdn: "{{ ansible_fqdn }}"
       lifetime: "{{ ipaclient_lifetime | default(omit) }}"
       random: True