Configure koji web login for if we want it

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/koji_hub/templates/kojiweb.conf.j2

@@ -21,9 +21,17 @@ Alias /robots.txt /var/www/html/robots.txt
 </Directory>
 
 <Location /koji/login>
+{% if env == "production" %}
     SSLVerifyClient require
     SSLVerifyDepth  10
     SSLOptions +StdEnvVars
+{% else %}
+    AuthType GSSAPI
+    GssapiSSLonly On
+    AuthName "GSSAPI Single Sign On Login"
+    GssapiCredStore keytab:/etc/koji-hub-http.keytab
+    Require valid-user
+{% endif %}
 </Location>
 
 

roles/koji_hub/templates/web.conf.j2

@@ -21,7 +21,13 @@ KojiFilesURL = https://kojipkgs.fedoraproject.org/
 {% endif %}
 
 # SSL authentication options
+{% if env == "production" %}
 WebCert = /etc/pki/tls/private/kojiweb_cert_key.pem
+{% else %}
+KrbRDNS = False
+WebKeytab = /etc/koji-hub-http.keytab
+WebPrincipal = HTTP/koji.stg.fedoraproject.org
+{% endif %}
 ClientCA = /etc/pki/tls/certs/upload_cacert.pem
 KojiHubCA = /etc/pki/tls/certs/extras_cacert.pem