diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index 41c189ddf4..e0624b673a 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -91,6 +91,15 @@
   - config
   - koji_hub
 
+- name: install GSSAPI keytab
+  copy: src={{ private }}/files/keytabs/{{ env }}/koji-gssapi dest=/etc/koji-hub/gssapi.keytab
+        owner=apache group=apache mode=0600
+  notify:
+  - reload httpd
+  tags:
+  - config
+  - koji_hub
+
 #
 # install production certs and keys
 #
diff --git a/roles/koji_hub/templates/kojihub.conf.j2 b/roles/koji_hub/templates/kojihub.conf.j2
index 144574c1e9..fcee71d5e4 100644
--- a/roles/koji_hub/templates/kojihub.conf.j2
+++ b/roles/koji_hub/templates/kojihub.conf.j2
@@ -29,7 +29,7 @@ Alias /kojifiles "/mnt/koji/"
 	 GssapiSSLonly On
          GssapiLocalName On
 	 AuthName "GSSAPI Single Sign On Login"
-	 GssapiCredStore keytab:/etc/koji-hub-http.keytab
+	 GssapiCredStore keytab:/etc/koji-hub/gssapi.keytab
 	 Require valid-user
 </Location>