Switch to krb for staging builders

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/koji_builder/tasks/main.yml

@@ -1,6 +1,12 @@
 #
 # This is a base koji_builder role.
 #
+dependencies:
+  - role: keytab/service
+    kt_location: /etc/kojid/kojid.keytab
+    service: compile
+    when: env == "staging"
+
 - name: set hostname
   hostname: name="{{inventory_hostname}}"
   tags:

roles/koji_builder/templates/kojid.conf

@@ -66,8 +66,15 @@ from_addr=Fedora Koji Build System <buildsys@fedoraproject.org>
 
 ;configuration for SSL athentication
 
+{% if env == "staging" %}
+; Kerberos configuration
+host_principal_format = compile/%s@{{ ipa_realm }}
+keytab = /etc/kojid/kojid.keytab
+krbservice = host
+{% else %}
 ;client certificate - puppet generated
 cert = /etc/kojid/kojibuilder.pem
+{% endif %}
 
 ;certificate of the CA that issued the client certificate
 ca = /etc/kojid/cacert.pem