All the provisioned infra for Stream koji (and related services) was configured to use REDHAT.COM keytab files.

That krb5 REALM is now considered legacy and all internal services should point to IPA.REDHAT.COM (there is a cross trust at this stage).

Pointer : https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/2022_policy_changes

We should:

• migrate/test our .stg. (staging) environment to IPA.REDHAT.COM
• once fully tested, ask for new keytabs
• schedule/announce a maintenance window and reconfigure our whole koji Stream infra