koji-hub: redo some keytab stuff to get riscv-koji happier

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

roles/koji_hub/templates/hub.conf.j2

@@ -43,7 +43,13 @@ HostPrincipalFormat = compile/%s@FEDORAPROJECT.ORG
 {% else %}
 HostPrincipalFormat = compile-riscv/%s@FEDORAPROJECT.ORG
 {% endif %}
+{% if koji_instance == "primary" %}
 AuthKeytab = /etc/koji-hub/koji-hub.keytab
+{% elif koji_instance == "secondary" %}
+AuthKeytab = /etc/krb5.HTTP_koji.fedoraproject.org.keytab
+{% else %}
+AuthKeytab = /etc/koji-hub/koji-hub.keytab
+{% endif %}
 
 ##  SSL client certificate auth configuration  ##
 #note: ssl auth may also require editing the httpd config (conf.d/kojihub.conf)

roles/koji_hub/templates/kojiweb.conf.j2

@@ -35,11 +35,7 @@ WSGIDaemonProcess koji lang=C.UTF-8
     AuthType GSSAPI
     GssapiSSLonly Off
     AuthName "GSSAPI Single Sign On Login"
-{% if koji_instance == "secondary" %}
-    GssapiCredStore keytab:/etc/krb5.HTTP_riscv-koji{{env_suffix}}.fedoraproject.org.keytab
-{% else %}
     GssapiCredStore keytab:/etc/krb5.HTTP_koji{{env_suffix}}.fedoraproject.org.keytab
-{% endif %}
     Require valid-user
 </Location>