diff --git a/roles/openshift-apps/fasjson/templates/httpd.conf b/roles/openshift-apps/fasjson/templates/httpd.conf
index 5a27f1d0bc..da6684b164 100644
--- a/roles/openshift-apps/fasjson/templates/httpd.conf
+++ b/roles/openshift-apps/fasjson/templates/httpd.conf
@@ -79,6 +79,7 @@ WSGIRestrictSignal Off
   GssapiSessionKey file:/httpdir/run/session.key
 
   GssapiCredStore keytab:/etc/keytabs/http
+  GssapiCredStore client_keytab:/etc/keytabs/http
   GssapiDelegCcacheDir /httpdir/run/ccaches
   GssapiDelegCcachePerms mode:0660
   GssapiUseS4U2Proxy on
diff --git a/roles/openshift-apps/fasjson/templates/krb5.conf b/roles/openshift-apps/fasjson/templates/krb5.conf
index 110aa822f6..302bad5386 100644
--- a/roles/openshift-apps/fasjson/templates/krb5.conf
+++ b/roles/openshift-apps/fasjson/templates/krb5.conf
@@ -9,7 +9,7 @@ includedir /etc/krb5.conf.d/
   ticket_lifetime = 24h
   forwardable = true
   udp_preference_limit = 0
-  default_ccache_name = KEYRING:persistent:%{uid}
+  default_ccache_name = FILE:/tmp/%u.ccache
 
 [realms]
   {{ ipa_realm }} = {
diff --git a/roles/openshift-apps/fasjson/templates/start.sh b/roles/openshift-apps/fasjson/templates/start.sh
index f52aa8b5af..8b790fbc35 100644
--- a/roles/openshift-apps/fasjson/templates/start.sh
+++ b/roles/openshift-apps/fasjson/templates/start.sh
@@ -4,4 +4,5 @@ mkdir /httpdir/run/ /httpdir/run/ccaches/
 ln -s /etc/httpd/modules /httpdir/modules
 truncate --size=0 /httpdir/access.log /httpdir/error.log
 tail -qf /httpdir/access.log /httpdir/error.log &
+export KRB5CCNAME=/httpdir/httpd.ccache
 exec httpd -f /etc/fasjson/httpd.conf -DFOREGROUND -DNO_DETACH