From 64ac331b10cc7d4907207c3d75cfb88c9ec51117 Mon Sep 17 00:00:00 2001
From: Lexi Winter <ivy@FreeBSD.org>
Date: Tue, 3 Jun 2025 14:02:32 +0100
Subject: kerberos.sh: make keytab configurable

---
 kerberos.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'kerberos.sh')

diff --git a/kerberos.sh b/kerberos.sh
index 9b5d3ae..dad7aad 100644
--- a/kerberos.sh
+++ b/kerberos.sh
@@ -22,7 +22,11 @@ if [ "$METHOD" != "dns-01" ]; then
 	exit 1
 fi
 
-if ! kinit -k -t /etc/krb5.keytab "$ACME_KERBEROS_PRINCIPAL"; then
+if [ -z "$ACME_KERBEROS_KEYTAB" ]; then
+	ACME_KERBEROS_KEYTAB="/etc/krb5.keytab"
+fi
+
+if ! kinit -k -t "$ACME_KERBEROS_KEYTAB" "$ACME_KERBEROS_PRINCIPAL"; then
 	_fatal "failed to obtain a Kerberos ticket"
 fi
 
-- 
cgit v1.2.3