diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml
index 8e04b6efda..93c3c4cf38 100644
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@@ -40,11 +40,16 @@
 
 - name: Grant host access to keytab
   delegate_to: "{{ ipa_server }}"
-  command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}}
-  register: service_perm_add_result
+  command:
+    argv:
+    - ipa
+    - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
+    - "{{service}}/{{host}}"
+    - --hosts={{inventory_hostname}}
+  register: perm_add_result
   check_mode: no
-  changed_when: "'members added 1' in service_perm_add_result.stdout"
-  failed_when: "not ('members added' in service_perm_add_result.stdout)"
+  changed_when: "'members added 1' in perm_add_result.stdout"
+  failed_when: "not ('members added' in perm_add_result.stdout)"
   tags:
   - keytab
   - config
@@ -53,11 +58,16 @@
 
 - name: Grant admin access to keytab
   delegate_to: "{{ ipa_server }}"
-  command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --users=admin
-  register: service_perm_add_result
+  command:
+    argv:
+    - ipa
+    - "{{ (service == 'host')|ternary('host', 'service') }}-allow-retrieve-keytab"
+    - "{{service}}/{{host}}"
+    - --users=admin
+  register: perm_add_result
   check_mode: no
-  changed_when: "'members added 1' in service_perm_add_result.stdout"
-  failed_when: "not ('members added' in service_perm_add_result.stdout)"
+  changed_when: "'members added 1' in perm_add_result.stdout"
+  failed_when: "not ('members added' in perm_add_result.stdout)"
   tags:
   - keytab
   - config