allow to specify gss principal and keytab
diff --git a/README.rst b/README.rst
index 63750ea..a3c581d 100644
--- a/README.rst
+++ b/README.rst
@@ -44,7 +44,10 @@
target:
engine: dup
url: webdavs://user@backup.cloud/example.com/box.example.com/
- auth: gss
+ auth:
+ gss:
+ principal: host/${linux:network:fqdn}
+ keytab: /etc/krb5.keytab
Backup server rsync/rdiff
diff --git a/backupninja/client.sls b/backupninja/client.sls
index f9f7d39..3602535 100644
--- a/backupninja/client.sls
+++ b/backupninja/client.sls
@@ -112,7 +112,7 @@
- pkg: backupninja_packages
{%- endif %}
-{%- if client.target.auth is defined and client.target.auth == 'gss' %}
+{%- if client.target.auth.gss is defined %}
backupninja_gss_helper_{{ backup_name }}_kinit:
file.managed:
- name: /etc/backup.d/100.{{ backup_name }}-kinit.sh
diff --git a/backupninja/files/gss_kinit b/backupninja/files/gss_kinit
index 3b6fe06..676d1eb 100644
--- a/backupninja/files/gss_kinit
+++ b/backupninja/files/gss_kinit
@@ -1,2 +1,15 @@
-kinit -kt /etc/krb5.keytab host/`hostname -f`
+{%- from "backupninja/map.jinja" import client with context %}
+{%- set principal = "host/`hostname -f`" -%}
+
+{%- if client.target.auth.gss.principal is defined -%}
+{%- set principal = client.target.auth.gss.principal -%}
+{%- endif -%}
+
+{%- set keytab = "/etc/krb5.keytab" -%}
+
+{%- if client.target.auth.gss.keytab is defined -%}
+{%- set keytab = client.target.auth.gss.keytab -%}
+{%- endif -%}
+
+kinit -kt {{ keytab }} {{ principal }}