From 756ea8fb6c2d802b8fab522750e09f2b78dfc1b0 Mon Sep 17 00:00:00 2001
From: Matt Jia <mjia@redhat.com>
Date: Jun 02 2017 05:43:57 +0000
Subject: make the keytab file configurable


This will allow us to use the default keytab file when deploying with
Gunicorn if the environment variable KRB5_KTNAME is not set.

---

diff --git a/waiverdb/config.py b/waiverdb/config.py
index fd65797..5243281 100644
--- a/waiverdb/config.py
+++ b/waiverdb/config.py
@@ -34,6 +34,7 @@ class Config(object):
     AUTH_METHOD = 'OIDC'  # Specify OIDC or Kerberos for authentication
     # Change it if the Kerberos service is not running on which the waiverdb is run.
     KERBEROS_HTTP_HOST = None
+    KERBEROS_AUTH_KEYTAB = '/etc/httpd.keytab'
     ZEROMQ_PUBLISH = True
 
 
diff --git a/waiverdb/wsgi.py b/waiverdb/wsgi.py
index 19e6300..e4756e1 100644
--- a/waiverdb/wsgi.py
+++ b/waiverdb/wsgi.py
@@ -10,6 +10,9 @@
 # GNU General Public License for more details.
 #
 
+import os
 from waiverdb.app import create_app, init_db
 app = create_app()
 init_db(app)
+if app.config['AUTH_METHOD'] == 'Kerberos':
+    os.environ['KRB5_KTNAME'] = app.config['KERBEROS_AUTH_KEYTAB']