From e4d091edb663cf11a97a7a10763d8423dc003848 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 6 Sep 2017 15:25:52 +0000
Subject: [PATCH] Straighten out krb perms for the koji package list sync
 script.

---
 playbooks/groups/bodhi-backend.yml                    | 2 ++
 roles/bodhi2/backend/files/koji-sync-listener.service | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml
index 9140c6c158..d9c37165d8 100644
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
@@ -46,6 +46,8 @@
 
   - role: keytab/service
     service: pkgdb
+    owner_user: fedmsg
+    owner_group: fedmsg
   - role: keytab/service
     owner_user: apache
     owner_group: apache
diff --git a/roles/bodhi2/backend/files/koji-sync-listener.service b/roles/bodhi2/backend/files/koji-sync-listener.service
index 09dfa0797d..07f5f64441 100644
--- a/roles/bodhi2/backend/files/koji-sync-listener.service
+++ b/roles/bodhi2/backend/files/koji-sync-listener.service
@@ -8,5 +8,8 @@ User=fedmsg
 Group=fedmsg
 Restart=on-failure
 
+# Use a different ccname so we don't share tickets with bodhi.
+Environment=KRB5CCNAME=/var/tmp/owner-sync-krbcc
+
 [Install]
 WantedBy=multi-user.target