From 8daef41e0a132820dbbac5698d6055f883b0e998 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 15 Sep 2017 18:56:09 +0200
Subject: [PATCH] roles/ipaclient/tasks/install.yml: Do not set principal with
 keytab for join

---
 roles/ipaclient/tasks/install.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index ff3f5f04..3ad2728d 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -75,7 +75,7 @@
     basedn: "{{ ipadiscovery.basedn }}"
     hostname: "{{ ipadiscovery.hostname }}"
     force_join: "{{ ipaclient_force_join | default(omit) }}"
-    principal: "{{ ipaclient_principal if not ipaclient_use_otp | bool else '' }}"
+    principal: "{{ ipaclient_principal if not ipaclient_use_otp | bool and not ipaclient_keytab else '' }}"
     password: "{{ ipaclient_password | default(omit) }}"
     keytab: "{{ ipaclient_keytab | default(omit) }}"
     #ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
-- 
GitLab