diff --git a/doc/configuration.rst b/doc/configuration.rst
index 80d75b3..18fd5bb 100644
--- a/doc/configuration.rst
+++ b/doc/configuration.rst
@@ -234,11 +234,32 @@ upload. For more information, see the install.rst guide.
 Defaults to: ``False``
 
 
+GIT_AUTH_BACKEND
+^^^^^^^^^^^^^^^^
+
+This configuration key allows specifying which git auth backend to use.
+
+Git auth backends can either be static (like gitolite), where a file is
+generated when something changed and then used on login, or dynamic,
+where the actual ACLs are checked in a git hook before being applied.
+
+By default pagure provides the following backends:
+
+- `test_auth`: simple debugging backend printing and returning the string ``Called GitAuthTestHelper.generate_acls()``
+- `gitolite2`: allows deploying pagure on the top of gitolite 2
+- `gitolite3`: allows deploying pagure on the top of gitolite 3
+
+Defaults to: ``gitolite3``
+
+.. note:: The option GITOLITE_BACKEND is the legacy name, and for backwards compatibility reasons will override this setting
+
+.. note:: These options can be expended, cf :ref:`custom-gitolite`.
+
 
 Configure Gitolite
 ------------------
 
-Pagure uses `gitolite <http://gitolite.com/>`_ as an authorization layer.
+Pagure can use `gitolite <http://gitolite.com/>`_ as an authorization layer.
 Gitolite relies on `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_ for
 the authentication. In other words, SSH lets you in and gitolite checks if
 you are allowed to do what you are trying to do once you are inside.
@@ -275,23 +296,6 @@ This configuration key points to the gitolite.conf file where pagure writes
 the gitolite repository access configuration.
 
 
-GITOLITE_BACKEND
-^^^^^^^^^^^^^^^^
-
-This configuration key allows specifying which helper method to use to
-generate and compile gitolite's configuration file.
-
-By default pagure provides the following backends:
-
-- `test_auth`: simple debugging backend printing and returning the string ``Called GitAuthTestHelper.generate_acls()``
-- `gitolite2`: allows deploying pagure on the top of gitolite 2
-- `gitolite3`: allows deploying pagure on the top of gitolite 3
-
-Defaults to: ``gitolite3``
-
-.. note:: These options can be expended, cf :ref:`custom-gitolite`.
-
-
 GITOLITE_CELERY_QUEUE
 ^^^^^^^^^^^^^^^^^^^^^
 
@@ -1545,3 +1549,11 @@ Defaults to: ``Pagure``
 
 This has been deprecated by the new way of theming pagure, see the `theming
 documentation <https://docs.pagure.org/pagure/usage/theming.html>`_
+
+
+GITOLITE_BACKEND
+~~~~~~~~~~~~~~~~
+
+This configuration key allowed specifying the gitolite backend.
+This has now been replaced by GIT_AUTH_BACKEND, please see that option
+for information on valid values.
diff --git a/pagure/cli/admin.py b/pagure/cli/admin.py
index 2ecf261..088d190 100644
--- a/pagure/cli/admin.py
+++ b/pagure/cli/admin.py
@@ -448,9 +448,7 @@ def do_generate_acl(args):
         if not _ask_confirmation():
             return
 
-    helper = pagure.lib.git_auth.get_git_auth_helper(
-        pagure.config.config["GITOLITE_BACKEND"]
-    )
+    helper = pagure.lib.git_auth.get_git_auth_helper()
     _log.debug("Got helper: %s", helper)
 
     group_obj = None
diff --git a/pagure/config.py b/pagure/config.py
index 9c60bae..fc7742a 100644
--- a/pagure/config.py
+++ b/pagure/config.py
@@ -38,6 +38,10 @@ def reload_config():
         )
     config["REQUESTS_FOLDER"] = os.path.join(config["GIT_FOLDER"], "requests")
 
+    if "GITOLITE_BACKEND" in config:
+        # This is for backwards compatibility purposes
+        config["GIT_AUTH_BACKEND"] = config["GITOLITE_BACKEND"]
+
     return config
 
 
diff --git a/pagure/default_config.py b/pagure/default_config.py
index 8a4f01b..3a8d44f 100644
--- a/pagure/default_config.py
+++ b/pagure/default_config.py
@@ -175,8 +175,13 @@ GITOLITE_VERSION = 3
 # Folder containing all the public ssh keys for gitolite
 GITOLITE_KEYDIR = None
 
-# Backend to use to write down the gitolite configuration file
-GITOLITE_BACKEND = "gitolite3"
+# Backend for git auth decisions
+# This may be either a static helper (like gitolite based) or dynamic.
+GIT_AUTH_BACKEND = "gitolite3"
+
+# Legacy option name for GIT_AUTH_BACKEND, retained for backwards compatibility
+# This option overrides GIT_AUTH_BACKEND
+# GITOLITE_BACKEND = "gitolite3"
 
 # Whether or not this installation of Pagure should use `gitolite compile-1`
 # to improve speed of some gitolite operations. See documentation for more
diff --git a/pagure/lib/git_auth.py b/pagure/lib/git_auth.py
index 5648ca4..c7a2f58 100644
--- a/pagure/lib/git_auth.py
+++ b/pagure/lib/git_auth.py
@@ -30,7 +30,7 @@ from pagure.lib import model
 _log = logging.getLogger(__name__)
 
 
-def get_git_auth_helper(backend, *args, **kwargs):
+def get_git_auth_helper(backend=None):
     """ Instantiate and return the appropriate git auth helper backend.
 
     :arg backend: The name of the backend to find on the system (declared via
@@ -40,6 +40,8 @@ def get_git_auth_helper(backend, *args, **kwargs):
     :type backend: str
 
     """
+    if backend is None:
+        backend = pagure_config["GIT_AUTH_BACKEND"]
     _log.info("Looking for backend: %s", backend)
     points = pkg_resources.iter_entry_points("pagure.git_auth.helpers")
     classes = dict([(point.name, point) for point in points])
@@ -53,8 +55,8 @@ def get_git_auth_helper(backend, *args, **kwargs):
         }[backend]
     else:
         cls = classes[backend].load()
-    _log.debug("Instantiating helper %r from backend key %r" % (cls, backend))
-    return cls(*args, **kwargs)
+    _log.debug("Returning helper %r from backend key %r" % (cls, backend))
+    return cls
 
 
 class GitAuthHelper(with_metaclass(abc.ABCMeta, object)):
diff --git a/pagure/lib/tasks.py b/pagure/lib/tasks.py
index 5eb7636..cba2c88 100644
--- a/pagure/lib/tasks.py
+++ b/pagure/lib/tasks.py
@@ -141,9 +141,7 @@ def generate_gitolite_acls(
 
     elif name == -1:
         project = name
-    helper = pagure.lib.git_auth.get_git_auth_helper(
-        pagure_config["GITOLITE_BACKEND"]
-    )
+    helper = pagure.lib.git_auth.get_git_auth_helper()
     _log.debug("Got helper: %s", helper)
 
     group_obj = None
@@ -174,9 +172,7 @@ def gitolite_post_compile_only(self, session):
     used if you only need to run `gitolite trigger POST_COMPILE` without
     touching any other gitolite configuration
     """
-    helper = pagure.lib.git_auth.get_git_auth_helper(
-        pagure_config["GITOLITE_BACKEND"]
-    )
+    helper = pagure.lib.git_auth.get_git_auth_helper()
     _log.debug("Got helper: %s", helper)
     if hasattr(helper, "post_compile_only"):
         helper.post_compile_only()
@@ -219,9 +215,7 @@ def delete_project(
         )
 
     # Remove the project from gitolite.conf
-    helper = pagure.lib.git_auth.get_git_auth_helper(
-        pagure_config["GITOLITE_BACKEND"]
-    )
+    helper = pagure.lib.git_auth.get_git_auth_helper()
     _log.debug("Got helper: %s", helper)
 
     _log.debug(
diff --git a/tests/test_pagure_admin.py b/tests/test_pagure_admin.py
index 2974457..dcfce9d 100644
--- a/tests/test_pagure_admin.py
+++ b/tests/test_pagure_admin.py
@@ -130,7 +130,7 @@ class PagureAdminAdminRefreshGitolitetests(tests.Modeltests):
             {'group': None, 'project': None, 'all_': False, 'user': None})
         pagure.cli.admin.do_generate_acl(args)
 
-        get_helper.assert_called_with('gitolite3')
+        get_helper.assert_called_with()
         args = helper.generate_acls.call_args
         self.assertIsNone(args[1].get('group'))
         self.assertIsNone(args[1].get('project'))
@@ -147,7 +147,7 @@ class PagureAdminAdminRefreshGitolitetests(tests.Modeltests):
             {'group': None, 'project': None, 'all_': True, 'user': None})
         pagure.cli.admin.do_generate_acl(args)
 
-        get_helper.assert_called_with('gitolite3')
+        get_helper.assert_called_with()
         args = helper.generate_acls.call_args
         self.assertIsNone(args[1].get('group'))
         self.assertEqual(args[1].get('project'), -1)
@@ -164,7 +164,7 @@ class PagureAdminAdminRefreshGitolitetests(tests.Modeltests):
             {'group': None, 'project': 'test', 'all_': False, 'user': None})
         pagure.cli.admin.do_generate_acl(args)
 
-        get_helper.assert_called_with('gitolite3')
+        get_helper.assert_called_with()
         args = helper.generate_acls.call_args
         self.assertIsNone(args[1].get('group'))
         self.assertEqual(args[1].get('project').fullname, 'test')
@@ -182,7 +182,7 @@ class PagureAdminAdminRefreshGitolitetests(tests.Modeltests):
             {'group': None, 'project': 'test', 'all_': True, 'user': None})
         pagure.cli.admin.do_generate_acl(args)
 
-        get_helper.assert_called_with('gitolite3')
+        get_helper.assert_called_with()
         args = helper.generate_acls.call_args
         self.assertIsNone(args[1].get('group'))
         self.assertEqual(args[1].get('project'), -1)
@@ -199,7 +199,7 @@ class PagureAdminAdminRefreshGitolitetests(tests.Modeltests):
             {'group': 'foo', 'project': None, 'all_': False, 'user': None})
         pagure.cli.admin.do_generate_acl(args)
 
-        get_helper.assert_called_with('gitolite3')
+        get_helper.assert_called_with()
         args = helper.generate_acls.call_args
         self.assertEqual(args[1].get('group').group_name, 'foo')
         self.assertIsNone(args[1].get('project'))
diff --git a/tests/test_pagure_lib_gitolite_config.py b/tests/test_pagure_lib_gitolite_config.py
index 9fcd83b..56add8d 100644
--- a/tests/test_pagure_lib_gitolite_config.py
+++ b/tests/test_pagure_lib_gitolite_config.py
@@ -796,7 +796,7 @@ repo requests/test
         pagure.lib.tasks.generate_gitolite_acls(
             namespace=None, name='test', user=None, group=None)
 
-        get_helper.assert_called_with('gitolite3')
+        get_helper.assert_called_with()
         args = helper.generate_acls.call_args
         self.assertIsNone(args[1].get('group'))
         self.assertIsNotNone(args[1].get('project'))