Hi community, I am studying ksu for some use cases and found this link: https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/ksu.html I have a user1 with KDC entry and keytab. Just before running ksu, I kinit user1 to get Kerberos ticket: [user1@server1 ~]$ klist Ticket cache: FILE:/tmp/krb5cc_1003293697 Default principal: user1@EXAMPLE.COM Valid starting Expires Service principal 02/18/2019 09:13:12 02/19/2019 09:13:12 krbtgt/EXAMPLE.COM@EXAMPLE.COM Then, I want user1 to ksu user2. For this to work, I have created a .k5login file on user2 home directory with user1@EXAMPLE.COM on its content. Than, I launch ksu with user1 but found this issue: [user1@server1 ~]$ ksu user2 ksu: Server not found in Kerberos database while verifying ticket for server Authentication failed. Looking for an error on /var/log/krb5kdc.log, I found that one: UNKNOWN_SERVER: authtime 0, user1@EXAMPLE.COM for krbtgt/UNKNOWN_DOMAIN@EXAMPLE.COM, Server not found in Kerberos database As the error states, service principal name krbtgt/UNKNOWN_DOMAIN@EXAMPLE.COM is unknown to KDC database, which is right. The problem is I expected the SPN to be krbtgt/EXAMPLE.COM@EXAMPLE.COM, just like what I can see on my user1 klist. As I don't really know how to fix this, does someone have an idea on this, please ? On different website and forums, it talks about FQDN, reverse DNS and some /etc/hosts and /etc/resolv.conf configurations but none solved my issue. Thank you on advance for your help. ... View more