diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index d6d6a21c81..72ffc6307d 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -82,7 +82,6 @@
 #
 
 - name: install koji-hub keytab
-  when: env == "staging"
   copy: src={{ private }}/files/keytabs/{{ env }}/koji-hub dest=/etc/koji-hub/koji-hub.keytab
         owner=apache group=apache mode=0600
   notify:
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index d703c5d04c..c6217f73b0 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -20,13 +20,15 @@ KojiDir = /mnt/koji
 MemoryWarnThreshold = 10000
 MaxRequestLength = 83886080
 
-{% if env == "staging" %}
 # Kerb auth
 
+{% if env == "staging" %}
 AuthPrincipal = host/koji.stg.fedoraproject.org
+{% else %}
+AuthPrincipal = host/koji.fedoraproject.org
+{% endif %}
 AuthKeytab = /etc/koji-hub/koji-hub.keytab
 
-{% endif %}
 ##  SSL client certificate auth configuration  ##
 #note: ssl auth may also require editing the httpd config (conf.d/kojihub.conf)