From 6dcecdc2966b07e8333680deded6d94b19af813b Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 15 Sep 2017 18:55:30 +0200
Subject: [PATCH] roles/ipaclient/tasks/install.yml: Use ipaadmin_keytab for
 admin keytab

The use od ipaclient_keytab for ipahost is not correct as the admin keytab
needs to be used here.
---
 README.md                         | 3 +++
 roles/ipaclient/tasks/install.yml | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5ad9664f..f54024d8 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,9 @@ Variables
 **ipaservers** - Group of IPA server hostnames.
  (list of strings, optional)
 
+**ipaadmin_keytab** - The path to the admin keytab used for alternative authentication.
+ (string, optional)
+
 **ipaclient_domain** - The primary DNS domain of an existing IPA deployment.
  (string, optional)
 
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index febc6398..ff3f5f04 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -33,7 +33,7 @@
       state: present
       principal: "{{ ipaclient_principal | default('admin') }}"
       password: "{{ ipaclient_password | default(omit) }}"
-      keytab: "{{ ipaclient_keytab | default(omit) }}"
+      keytab: "{{ ipaadmin_keytab | default(omit) }}"
       fqdn: "{{ ansible_fqdn }}"
       lifetime: "{{ ipaclient_lifetime | default(omit) }}"
       random: True
-- 
GitLab