diff --git a/ci/samba-dc.jenkinsfile b/ci/samba-dc.jenkinsfile
index 351e2a8..4b82464 100644
--- a/ci/samba-dc.jenkinsfile
+++ b/ci/samba-dc.jenkinsfile
@@ -10,27 +10,39 @@ pipeline {
     }
 
     stages {
-        stage('Prepare') {
+        stage('kinit') {
             steps {
                 withCredentials([file(
-                        credentialsId: 'vault-jenkins@pyrocufflink.blue',
-                        variable: 'SUDO_PASS_FILE')]) {
-                    sh 'cp -f "${SUDO_PASS_FILE}" sudo-pass'
+                        credentialsId: 'keytab-jenkins@pyrocufflink.blue',
+                        variable: 'KEYTAB')]) {
+                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
                 }
             }
         }
 
         stage('Domain Controller') {
             steps {
-                withCredentials([file(
-                        credentialsId: 'ansible-vault',
-                        variable: 'ANSIBLE_VAULT_PASSWORD_FILE')]) {
-                    sshagent(['jenkins-ssh']) {
-                        sh 'ansible-playbook --check --diff -b domain-controller.yml -e @sudo-pass'
-                    }
+                withCredentials([
+                        file(
+                            credentialsId: 'ansible-vault',
+                            variable: 'ANSIBLE_VAULT_PASSWORD_FILE',
+                        ),
+                        file(
+                            credentialsId: 'vault-jenkins@pyrocufflink.blue',
+                            variable: 'SUDO_PASS_FILE',
+                        ),
+                        ]) {
+                    sh '''
+ansible-playbook --check --diff -b domain-controller.yml -e "@${SUDO_PASS_FILE}"
+'''
                 }
             }
         }
+    }
 
+    post {
+        always {
+            sh 'kdestroy'
+        }
     }
 }