diff --git a/SOURCES/bz2111669-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch b/SOURCES/bz2111669-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
new file mode 100644
index 0000000..3ab2586
--- /dev/null
+++ b/SOURCES/bz2111669-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
@@ -0,0 +1,30 @@
+From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Mon, 4 Jul 2022 09:39:47 +0200
+Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
+
+This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
+
+authfile != authkey
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ src/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/main.c b/src/main.c
+index b50a883..b4a174f 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (is_auth_req()) {
++	if (booth_conf->authfile[0] != '\0') {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.37.1
+
diff --git a/SOURCES/bz2111669-2-config-Add-enable-authfile-option.patch b/SOURCES/bz2111669-2-config-Add-enable-authfile-option.patch
new file mode 100644
index 0000000..a3adc72
--- /dev/null
+++ b/SOURCES/bz2111669-2-config-Add-enable-authfile-option.patch
@@ -0,0 +1,106 @@
+From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 26 Jul 2022 18:39:38 +0200
+Subject: [PATCH] config: Add enable-authfile option
+
+This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+Default is 'no'.
+
+Booth usage of authfile was broken for long time (since commit
+da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
+
+Pcs was adding authfile by default, but it was not used. Once booth bug
+was fixed problem appears because mixed clusters (with fixed version and
+without fixed one) stops working.
+
+This non-upstream option is added and used to allow use of
+authfile without breaking compatibility for clusters
+consisting of mixed versions (usually happens before all nodes are
+updated) of booth (user have to explicitly
+enable usage of authfile).
+
+This patch is transitional and will be removed in future major version of
+distribution.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ docs/boothd.8.txt |  7 +++++++
+ src/config.c      | 17 +++++++++++++++++
+ src/config.h      |  1 +
+ src/main.c        |  2 +-
+ 4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
+index f58f27e..12f66f9 100644
+--- a/docs/boothd.8.txt
++++ b/docs/boothd.8.txt
+@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
+ 	parameter to a higher value. The time skew test is performed
+ 	only in concert with authentication.
+ 
++*'enable-authfile'*::
++	Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
++	Default is 'no'.
++	This is non-upstream option used to allow use of authfile without
++	breaking compatibility for clusters consisting of mixed
++	versions of booth.
++
+ *'site'*::
+ 	Defines a site Raft member with the given IP. Sites can
+ 	acquire tickets. The sites' IP should be managed by the cluster.
+diff --git a/src/config.c b/src/config.c
+index 8e41553..b9df3e3 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -729,6 +729,23 @@ no_value:
+ 			booth_conf->maxtimeskew = atoi(val);
+ 			continue;
+ 		}
++
++		if (strcmp(key, "enable-authfile") == 0) {
++			if (strcasecmp(val, "yes") == 0 ||
++			    strcasecmp(val, "on") == 0 ||
++			    strcasecmp(val, "1") == 0) {
++				booth_conf->enable_authfile = 1;
++			} else if (strcasecmp(val, "no") == 0 ||
++			    strcasecmp(val, "off") == 0 ||
++			    strcasecmp(val, "0") == 0) {
++				booth_conf->enable_authfile = 0;
++			} else {
++				error = "Expected yes/no value for enable-authfile";
++				goto err;
++			}
++
++			continue;
++		}
+ #endif
+ 
+ 		if (strcmp(key, "site") == 0) {
+diff --git a/src/config.h b/src/config.h
+index bca73bc..da1e917 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -297,6 +297,7 @@ struct booth_config {
+ 	struct stat authstat;
+ 	char authkey[BOOTH_MAX_KEY_LEN];
+ 	int authkey_len;
++	int enable_authfile;
+     /** Maximum time skew between peers allowed */
+ 	int maxtimeskew;
+ 
+diff --git a/src/main.c b/src/main.c
+index b4a174f..0fdb295 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (booth_conf->authfile[0] != '\0') {
++	if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.37.1
+
diff --git a/SOURCES/bz2113970-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch b/SOURCES/bz2113970-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
deleted file mode 100644
index 3ab2586..0000000
--- a/SOURCES/bz2113970-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
-From: Jan Friesse <jfriesse@redhat.com>
-Date: Mon, 4 Jul 2022 09:39:47 +0200
-Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
-
-This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
-
-authfile != authkey
-
-Signed-off-by: Jan Friesse <jfriesse@redhat.com>
----
- src/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/main.c b/src/main.c
-index b50a883..b4a174f 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -364,7 +364,7 @@ static int setup_config(int type)
- 	if (rv < 0)
- 		goto out;
- 
--	if (is_auth_req()) {
-+	if (booth_conf->authfile[0] != '\0') {
- 		rv = read_authkey();
- 		if (rv < 0)
- 			goto out;
--- 
-2.37.1
-
diff --git a/SOURCES/bz2113970-2-config-Add-enable-authfile-option.patch b/SOURCES/bz2113970-2-config-Add-enable-authfile-option.patch
deleted file mode 100644
index a3adc72..0000000
--- a/SOURCES/bz2113970-2-config-Add-enable-authfile-option.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001
-From: Jan Friesse <jfriesse@redhat.com>
-Date: Tue, 26 Jul 2022 18:39:38 +0200
-Subject: [PATCH] config: Add enable-authfile option
-
-This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
-Default is 'no'.
-
-Booth usage of authfile was broken for long time (since commit
-da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
-
-Pcs was adding authfile by default, but it was not used. Once booth bug
-was fixed problem appears because mixed clusters (with fixed version and
-without fixed one) stops working.
-
-This non-upstream option is added and used to allow use of
-authfile without breaking compatibility for clusters
-consisting of mixed versions (usually happens before all nodes are
-updated) of booth (user have to explicitly
-enable usage of authfile).
-
-This patch is transitional and will be removed in future major version of
-distribution.
-
-Signed-off-by: Jan Friesse <jfriesse@redhat.com>
----
- docs/boothd.8.txt |  7 +++++++
- src/config.c      | 17 +++++++++++++++++
- src/config.h      |  1 +
- src/main.c        |  2 +-
- 4 files changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
-index f58f27e..12f66f9 100644
---- a/docs/boothd.8.txt
-+++ b/docs/boothd.8.txt
-@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
- 	parameter to a higher value. The time skew test is performed
- 	only in concert with authentication.
- 
-+*'enable-authfile'*::
-+	Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
-+	Default is 'no'.
-+	This is non-upstream option used to allow use of authfile without
-+	breaking compatibility for clusters consisting of mixed
-+	versions of booth.
-+
- *'site'*::
- 	Defines a site Raft member with the given IP. Sites can
- 	acquire tickets. The sites' IP should be managed by the cluster.
-diff --git a/src/config.c b/src/config.c
-index 8e41553..b9df3e3 100644
---- a/src/config.c
-+++ b/src/config.c
-@@ -729,6 +729,23 @@ no_value:
- 			booth_conf->maxtimeskew = atoi(val);
- 			continue;
- 		}
-+
-+		if (strcmp(key, "enable-authfile") == 0) {
-+			if (strcasecmp(val, "yes") == 0 ||
-+			    strcasecmp(val, "on") == 0 ||
-+			    strcasecmp(val, "1") == 0) {
-+				booth_conf->enable_authfile = 1;
-+			} else if (strcasecmp(val, "no") == 0 ||
-+			    strcasecmp(val, "off") == 0 ||
-+			    strcasecmp(val, "0") == 0) {
-+				booth_conf->enable_authfile = 0;
-+			} else {
-+				error = "Expected yes/no value for enable-authfile";
-+				goto err;
-+			}
-+
-+			continue;
-+		}
- #endif
- 
- 		if (strcmp(key, "site") == 0) {
-diff --git a/src/config.h b/src/config.h
-index bca73bc..da1e917 100644
---- a/src/config.h
-+++ b/src/config.h
-@@ -297,6 +297,7 @@ struct booth_config {
- 	struct stat authstat;
- 	char authkey[BOOTH_MAX_KEY_LEN];
- 	int authkey_len;
-+	int enable_authfile;
-     /** Maximum time skew between peers allowed */
- 	int maxtimeskew;
- 
-diff --git a/src/main.c b/src/main.c
-index b4a174f..0fdb295 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -364,7 +364,7 @@ static int setup_config(int type)
- 	if (rv < 0)
- 		goto out;
- 
--	if (booth_conf->authfile[0] != '\0') {
-+	if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
- 		rv = read_authkey();
- 		if (rv < 0)
- 			goto out;
--- 
-2.37.1
-
diff --git a/SPECS/booth.spec b/SPECS/booth.spec
index dd02aa6..57843b1 100644
--- a/SPECS/booth.spec
+++ b/SPECS/booth.spec
@@ -31,7 +31,7 @@
 %global git_describe_str v1.0-251-gbfb2f924c07db823f5c934d1aafbc5181bb25148
 
 # Set this to 1 when rebasing (changing git_describe_str) and increase otherwise
-%global release 3
+%global release 4
 
 # Run shell script to parse git_describe str into version, numcomm and sha1 hash
 %global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1})
@@ -57,13 +57,13 @@
 
 Name:           booth
 Version:        %{booth_ver}
-Release:        %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}.1
+Release:        %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}
 Summary:        Ticket Manager for Multi-site Clusters
 License:        GPLv2+
 Url:            https://github.com/%{github_owner}/%{name}
 Source0:        https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
-Patch0:         bz2113970-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
-Patch1:         bz2113970-2-config-Add-enable-authfile-option.patch
+Patch0:         bz2111669-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
+Patch1:         bz2111669-2-config-Add-enable-authfile-option.patch
 
 # direct build process dependencies
 BuildRequires:  autoconf
@@ -312,13 +312,13 @@ VERBOSE=1 make check
 %{_usr}/lib/ocf/resource.d/booth/sharedrsc
 
 %changelog
-* Tue Aug 09 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.3.bfb2f92.git.1
-- Related: rhbz#2113970
+* Tue Aug 09 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.4.bfb2f92.git
+- Related: rhbz#2111669
 
 - Remove template unit from systemd_(post|preun|postun_with_restart) macro
 
-* Thu Aug 04 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.2.bfb2f92.git.1
-- Resolves: rhbz#2113970
+* Wed Aug 03 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.3.bfb2f92.git
+- Resolves: rhbz#2111669
 
 - Fix authfile directive handling in booth config file
   (fixes CVE-2022-2553)