Allow krb ccache to be configured

Access to the kernel keyring may be restricted in containers. Allow users to specify a non-keyring ccache for Kerberos.
jmicanek
2023-02-27 17:32:26 +01:00
parent f58e07df2a
commit 8709c632b0
2 changed files with 4 additions and 1 deletions


@@ -333,6 +333,7 @@ class Config(object):
},
"krb_keytab": {"type": None, "default": None, "desc": ""},
"krb_principal": {"type": None, "default": None, "desc": ""},
'krb_ccache': {"type": None, "default": "KEYRING:thread:mbs", "desc": ""},
"messaging": {"type": str, "default": "fedmsg", "desc": "The messaging system to use."},
"messaging_topic_prefix": {
"type": list,
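Review bot: The new `krb_ccache` entry has an empty `desc`, although it decides where the service's Kerberos credentials are cached, so the option should state what a non-default value implies. Something like `"desc": "Kerberos credential cache used for the Koji GSSAPI login. The default keyring cache is per thread; a FILE: or DIR: cache is shared by all threads and should be readable only by the service user."` would cover it. The entry also quotes its key with single quotes where the neighbouring entries use double quotes. The `Config` class starts and ends outside this hunk.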


@@ -143,7 +143,9 @@ def get_session(config, login=True):
log.debug(" keytab: %r, principal: %r" % (keytab, principal))
# We want to use the thread keyring for the ccache to ensure we have one cache per
# thread to avoid Kerberos cache corruption
ccache = "KEYRING:thread:mbs"
# Keyring may be inaccessible in containers, so let's allow it to be configured
ccache = getattr(config, "krb_ccache", None)
log.debug(" ccache: %r" % (ccache))
koji_session.gssapi_login(principal=principal, keytab=keytab, ccache=ccache)
elif authtype == "ssl":
koji_session.ssl_login(
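Review bot: The `getattr` fallback on the new `ccache` line is `None`, not the previous `"KEYRING:thread:mbs"`, so a config object without `krb_ccache` (or with it set to an empty value) passes `ccache=None` to `gssapi_login`, which presumably falls back to the process-wide default cache. That drops the one-cache-per-thread property the comment just above still promises; `ccache = getattr(config, "krb_ccache", None) or "KEYRING:thread:mbs"` keeps it. The retained comment should also say that a configured non-keyring cache is shared between threads, since that is the corruption case it warns about. `get_session` starts and ends outside this hunk.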