diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml
index 6783fcf3b7..05a5c5db79 100644
--- a/playbooks/groups/ipa.yml
+++ b/playbooks/groups/ipa.yml
@@ -69,22 +69,22 @@
     - krb5
     - ipa/server
   # original: /etc/httpd/conf/ipa.keytab
-  - name: Make IPA HTTP use the combined keytab
-    lineinfile: dest=/etc/httpd/conf.d/ipa.conf
-                regexp='GssapiCredStore keytab:'
-                line='  GssapiCredStore keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined'
-    tags:
-    - krb5
-    - ipa/server
-    - config
-  - name: Make IPA HTTP use the id.fp.o client keytab
-    lineinfile: dest=/etc/httpd/conf.d/ipa.conf
-                regexp='GssapiCredStore client_keytab:'
-                line='  GssapiCredStore client_keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab'
-    tags:
-    - krb5
-    - ipa/server
-    - config
+  #- name: Make IPA HTTP use the combined keytab
+  #  lineinfile: dest=/etc/httpd/conf.d/ipa.conf
+  #              regexp='GssapiCredStore keytab:'
+  #              line='  GssapiCredStore keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined'
+  #  tags:
+  #  - krb5
+  #  - ipa/server
+  #  - config
+  #- name: Make IPA HTTP use the id.fp.o client keytab
+  #  lineinfile: dest=/etc/httpd/conf.d/ipa.conf
+  #              regexp='GssapiCredStore client_keytab:'
+  #              line='  GssapiCredStore client_keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab'
+  #  tags:
+  #  - krb5
+  #  - ipa/server
+  #  - config
 
 - name: do base role once more to revert any resolvconf changes
   hosts: ipa:ipa-stg