Configure koji web login for if we want it

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

2 files changed, 14 insertions, 0 deletions

diff --git a/roles/koji_hub/templates/kojiweb.conf.j2 b/roles/koji_hub/templates/kojiweb.conf.j2
index bb222c0ff..e77d52bb6 100644
--- a/roles/koji_hub/templates/kojiweb.conf.j2
+++ b/roles/koji_hub/templates/kojiweb.conf.j2
@@ -21,9 +21,17 @@ Alias /robots.txt /var/www/html/robots.txt
 </Directory>
 
 <Location /koji/login>
+{% if env == "production" %}
     SSLVerifyClient require
     SSLVerifyDepth  10
     SSLOptions +StdEnvVars
+{% else %}
+    AuthType GSSAPI
+    GssapiSSLonly On
+    AuthName "GSSAPI Single Sign On Login"
+    GssapiCredStore keytab:/etc/koji-hub-http.keytab
+    Require valid-user
+{% endif %}
 </Location>
 
 
diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2
index 4f19a2b09..06bd2edbd 100644
--- a/roles/koji_hub/templates/web.conf.j2
+++ b/roles/koji_hub/templates/web.conf.j2
@@ -21,7 +21,13 @@ KojiFilesURL = https://kojipkgs.fedoraproject.org/
 {% endif %}
 
 # SSL authentication options
+{% if env == "production" %}
 WebCert = /etc/pki/tls/private/kojiweb_cert_key.pem
+{% else %}
+KrbRDNS = False
+WebKeytab = /etc/koji-hub-http.keytab
+WebPrincipal = HTTP/koji.stg.fedoraproject.org
+{% endif %}
 ClientCA = /etc/pki/tls/certs/upload_cacert.pem
 KojiHubCA = /etc/pki/tls/certs/extras_cacert.pem