diff --git a/inventory/group_vars/bkernel b/inventory/group_vars/bkernel
index 2f42ccacf8..042951816a 100644
--- a/inventory/group_vars/bkernel
+++ b/inventory/group_vars/bkernel
@@ -5,3 +5,9 @@ koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.fedoraproject.org/kojihub"
 koji_weburl: "https://koji.fedoraproject.org/koji"
 koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+ipa_host_group: kojibuilder-kernel
+ipa_host_group_desc: Koji Build hosts for kernel builds
+# Both of these default to sysadmin-main in the ipa/client role
+ipa_client_shell_groups: []
+ipa_client_sudo_groups: []
diff --git a/inventory/group_vars/builders b/inventory/group_vars/builders
index fb5b3bf163..ab6475697b 100644
--- a/inventory/group_vars/builders
+++ b/inventory/group_vars/builders
@@ -7,6 +7,7 @@ nagios_Check_Services:
   swap: false
   mail: false
 
+primary_auth_source: ipa
 ipa_host_group: kojibuilder
 ipa_host_group_desc: Koji Build hosts
 ipa_client_shell_groups:
diff --git a/inventory/group_vars/buildhw b/inventory/group_vars/buildhw
index 546089d05b..0871cc3c28 100644
--- a/inventory/group_vars/buildhw
+++ b/inventory/group_vars/buildhw
@@ -1,7 +1,5 @@
 ---
 host_group: kojibuilder
-fas_client_groups: sysadmin-releng
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 freezes: true
 
 koji_hub_nfs: "fedora_koji"
diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm
index 86dad7efa4..b4e82667e0 100644
--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@@ -15,8 +15,6 @@ virt_install_command: "{{ virt_install_command_one_nic_unsafe }}"
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 host_group: kojibuilder
-fas_client_groups: sysadmin-releng
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/buildvm_aarch64 b/inventory/group_vars/buildvm_aarch64
index 7c5213ec22..8f0eb42d72 100644
--- a/inventory/group_vars/buildvm_aarch64
+++ b/inventory/group_vars/buildvm_aarch64
@@ -17,8 +17,6 @@ virt_install_command: "{{ virt_install_command_aarch64_one_nic_unsafe }}"
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 host_group: kojibuilder
-fas_client_groups: sysadmin-releng
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/buildvm_armv7 b/inventory/group_vars/buildvm_armv7
index 4c846d27b5..9f37d5af43 100644
--- a/inventory/group_vars/buildvm_armv7
+++ b/inventory/group_vars/buildvm_armv7
@@ -20,8 +20,6 @@ virt_install_command: "{{ virt_install_command_armv7_one_nic_unsafe }}"
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 host_group: kojibuilder
-fas_client_groups: sysadmin-releng
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/buildvm_ppc64le b/inventory/group_vars/buildvm_ppc64le
index 9f14cf2469..fd15d5bce9 100644
--- a/inventory/group_vars/buildvm_ppc64le
+++ b/inventory/group_vars/buildvm_ppc64le
@@ -25,8 +25,6 @@ virt_install_command: "{{ virt_install_command_one_nic_unsafe }}"
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 host_group: kojibuilder
-fas_client_groups: sysadmin-releng
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/buildvm_s390x b/inventory/group_vars/buildvm_s390x
index 005164d52f..d5a828dc73 100644
--- a/inventory/group_vars/buildvm_s390x
+++ b/inventory/group_vars/buildvm_s390x
@@ -17,8 +17,6 @@ virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}"
 ansible_ifcfg_blocklist: True
 createrepo: False
 host_group: kojibuilder
-fas_client_groups: sysadmin-releng
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.fedoraproject.org/kojihub"
diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml
index 7586ccbf24..c9ebe21731 100644
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@@ -62,8 +62,7 @@
   - { role: clevis, when: "inventory_hostname.startswith(('bkernel', 'buildhw-x86'))" }
   - { role: serial-console, when: inventory_hostname.startswith('bkernel') }
   - hosts
-  - { role: ipa/client, when: not inventory_hostname.startswith('bkernel') and env == "staging" }
-  - { role: fas_client, when: not inventory_hostname.startswith('bkernel') and env != "staging" }
+  - ipa/client
   - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
   - role: keytab/service
     kt_location: /etc/kojid/kojid.keytab
@@ -77,8 +76,6 @@
     when: env == "staging"
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: not inventory_hostname.startswith('bkernel')
   - import_tasks: "{{ tasks_path }}/motd.yml"
     when: not inventory_hostname.startswith('bkernel')
 
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index 915128f4a2..6a8e439aef 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -22,15 +22,13 @@
   roles:
     - base
     - hosts
-    - { role: ipa/client, when: env == "staging" }
     - {
         role: nfs/client,
         mnt_dir: "/mnt/fedora_koji",
         nfs_src_dir: "{{ koji_hub_nfs }}",
         when: "env == 'staging' or createrepo or 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')",
       }
-    - { role: ipa/client, when: not inventory_hostname.startswith('bkernel') and env == "staging" }
-    - { role: fas_client, when: not inventory_hostname.startswith('bkernel') and env == 'production' }
+    - ipa/client
     - { role: sudo, when: not inventory_hostname.startswith('bkernel') and env == 'production' }
     - koji_builder
     - role: nfs/client
@@ -87,8 +85,6 @@
       when: env == "staging"
 
   tasks:
-    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-      when: not inventory_hostname.startswith('bkernel') and env == 'production'
     - import_tasks: "{{ tasks_path }}/motd.yml"
       when: not inventory_hostname.startswith('bkernel') and env == 'production'