diff --git a/install-office-terminal.yml b/install-office-terminal.yml
index 63aaf38..9baee5c 100644
--- a/install-office-terminal.yml
+++ b/install-office-terminal.yml
@@ -9,5 +9,5 @@
 - devel
 - generate-hosts
 - auth
- - nfs
 - csc-packages
+ - nfs
diff --git a/roles/auth/files/GlobalSign_Intermediate_Root_SHA256_G2.pem b/roles/auth/files/GlobalSign_Intermediate_Root_SHA256_G2.pem
new file mode 100644
index 0000000..c846c09
--- /dev/null
+++ b/roles/auth/files/GlobalSign_Intermediate_Root_SHA256_G2.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
+MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
+YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
+C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
+SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
+mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
+Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
+2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
+Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
+HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
+dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
+KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
+BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
+bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
+hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
+32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
+XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
+30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
+SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
+K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
+-----END CERTIFICATE-----
diff --git a/roles/auth/tasks/main.yml b/roles/auth/tasks/main.yml
index 7f7f0d0..17d25df 100644
--- a/roles/auth/tasks/main.yml
+++ b/roles/auth/tasks/main.yml
@@ -19,13 +19,16 @@
 - libpam-sss
 - name: copy over configs
- template: src={{ item.src }} dest={{ item.dest }}
+ copy: src={{ item.src }} dest={{ item.dest }}
 with_items:
 - { src: 'krb5.conf', dest: '/etc/krb5.conf' }
 - { src: 'ldap.conf', dest: '/etc/ldap/ldap.conf' }
 - { src: 'sssd.conf', dest: '/etc/sssd/sssd.conf' }
 - { src: 'sshd_config', dest: '/etc/ssh/sshd_config' }
 - { src: 'ssh_config', dest: '/etc/ssh/ssh_config' }
+ - { src: 'GlobalSign_Intermediate_Root_SHA256_G2.pem', dest: '/etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem' }
+- name: make sssd.conf accessable only by root
+ file: path=/etc/sssd/sssd.conf owner=root group=root mode=0600
 - name: configure PAM for syscom machine
 when: syscom
@@ -51,4 +54,4 @@
 service: name={{ item }} state=restarted
 with_items:
 - sssd
- - ssh
\ No newline at end of file
+ - ssh
diff --git a/roles/auth/vars/main.yml b/roles/auth/vars/main.yml
new file mode 100644
index 0000000..9d829ac
--- /dev/null
+++ b/roles/auth/vars/main.yml
@@ -0,0 +1,2 @@
+---
+syscom: False
diff --git a/roles/devel/tasks/main.yml b/roles/devel/tasks/main.yml
index 77e057e..5b6c9ac 100644
--- a/roles/devel/tasks/main.yml
+++ b/roles/devel/tasks/main.yml
@@ -278,7 +278,7 @@
 - name: Install misc libs
 apt: name={{ item }} state=latest
 with_items:
- - libpam2-dev
+ - libldap2-dev
 - libpam0g-dev
 - comerr-dev
 - e2fslibs-dev
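Review bot: `/etc/sssd/sssd.conf` is still created by the `copy` loop with the default umask-derived mode and only tightened by the separate `file` task added below it, so on a first install, or if the play aborts between the two tasks, the file is left readable by local users; sssd.conf often carries an LDAP bind credential, though its contents are not shown here. Setting the mode in the copy itself closes that gap: give the item `mode: '0600'` and use `copy: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode={{ item.mode | default('0644') }}`. The new PEM is also written straight into `/etc/ssl/certs`; unless `ldap.conf` or `sssd.conf` name that path explicitly (not visible in this hunk), OpenSSL-style lookups need a hash symlink, so on a Debian-family host consider installing it under `/usr/local/share/ca-certificates/` with a `.crt` name and running `update-ca-certificates`. The task list starts before and continues after this hunk.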
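Review bot: `syscom: False` is defined in `roles/auth/vars/main.yml`, and role `vars/` outrank inventory group and host variables in Ansible's precedence, so a host marked `syscom: true` in inventory would still skip the `configure PAM for syscom machine` task guarded by `when: syscom`. If the value is meant as a fallback, put it in `roles/auth/defaults/main.yml` instead, written canonically as `syscom: false`. How callers set `syscom` is not visible in this diff, so confirm against the inventory and playbooks before relying on either placement.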