ksu does not seem to care about the value of k5login_directory, instead hardcoding $HOME/.k5login. This looks like so: [root@kerberos.ravnica x86_64]# grep k5login_directory /etc/krb5.conf k5login_directory = /etc/k5login [root@kerberos.ravnica x86_64]# cat /etc/k5login/testuser rharwood@RAVNICA [root@kerberos.ravnica x86_64]# strace -f -o /tmp/ksu.out sudo -u rharwood ksu testuser -n rharwood Authenticated rharwood@RAVNICA Account testuser: authorization of rharwood@RAVNICA failed [root@kerberos.ravnica x86_64]# grep k5login /tmp/ksu.out 1492 stat("/home/testuser/.k5login", 0x7ffdc4d07770) = -1 ENOENT (No such file or directory) [root@kerberos.ravnica x86_64]# This bug was reported downstream as https://bugzilla.redhat.com/show_bug.cgi?id=1329998 Thanks!