diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml
index dbc124e3a8..353ed9aa4a 100644
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@@ -31,6 +31,13 @@
   - apache
   - fedmsg/base
   - koji_hub
+  - role: keytab/service
+    owner_user: apache
+    owner_group: apache
+    kt_location: /etc/koji-hub/koji-hub.keytab
+    service: host
+    host: "koji.stg.fedoraproject.org"
+    when: env == "staging"
   - { role: nfs/server, when: env == "staging" }
   - { role: keepalived, when: env == "production" and inventory_hostname.startswith('koji') }
   - role: nfs/client
diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index 41c189ddf4..c41c02c48d 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -85,6 +85,7 @@
 - name: install koji-hub keytab
   copy: src={{ private }}/files/keytabs/{{ env }}/koji-hub dest=/etc/koji-hub/koji-hub.keytab
         owner=apache group=apache mode=0600
+  when: env != "staging"
   notify:
   - reload httpd
   tags: