From af6a1915e2bd56013489a14da0f168ed8eb485c8 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Fri, 3 Nov 2017 21:43:53 +0000
Subject: [PATCH] Use new keytabs for secondary kojis

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/koji_hub/templates/kojihub.conf.j2 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/koji_hub/templates/kojihub.conf.j2 b/roles/koji_hub/templates/kojihub.conf.j2
index 0d5e61496f..2b38551625 100644
--- a/roles/koji_hub/templates/kojihub.conf.j2
+++ b/roles/koji_hub/templates/kojihub.conf.j2
@@ -29,7 +29,11 @@ Alias /kojifiles "/mnt/koji/"
 	 GssapiSSLonly Off
          GssapiLocalName On
 	 AuthName "GSSAPI Single Sign On Login"
-	 GssapiCredStore keytab:/etc/koji-hub/gssapi.keytab
+	 {% if fedmsg_koji_instance == "primary" %}
+		GssapiCredStore keytab:/etc/koji-hub/gssapi.keytab
+         {% else %}
+		GssapiCredStore keytab:/etc/krb5.HTTP_{{ fedmsg_koji_instance }}.koji.fedoraproject.org.keytab
+	 {% endif %}
 	 Require valid-user
 </Location>