From 0829b1b2e89d74e441fecc5733ed855366c71043 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi@debian.org>
Date: Sun, 8 Dec 2019 08:43:26 +0100
Subject: [PATCH] Kerberize firefox in the local domain.

---
 roles/kerberize/tasks/main.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/roles/kerberize/tasks/main.yml b/roles/kerberize/tasks/main.yml
index 6fcecc2..dc4d9c4 100644
--- a/roles/kerberize/tasks/main.yml
+++ b/roles/kerberize/tasks/main.yml
@@ -16,3 +16,18 @@
     dest: /etc/ssh/ssh_config
     line: "GSSAPIDelegateCredentials yes"
     insertafter: "#   GSSAPIDelegateCredentials no"
+
+
+- name: check if firewox is available
+  stat: path=/etc/firefox-esr/firefox-esr.js
+  register: firefox
+
+- name: kerberize firefox for sites in the local domain
+  lineinfile:
+    dest: /etc/firefox-esr/firefox-esr.js
+    line: "{{ item }}"
+  with_items:
+    - '// kerberize for sites in the local domain:'
+    - 'pref("network.negotiate-auth.delegation-uris", "{{ ansible_domain }}");'
+    - 'pref("network.negotiate-auth.trusted-uris", "{{ ansible_domain }}");'
+  when: firefox.stat.exists