diff --git a/refpolicy/policy/modules/services/kerberos.fc b/refpolicy/policy/modules/services/kerberos.fc
index 6d365e9..a7eef84 100644
--- a/refpolicy/policy/modules/services/kerberos.fc
+++ b/refpolicy/policy/modules/services/kerberos.fc
@@ -3,7 +3,6 @@
 
 /usr(/local)?(/kerberos)?/sbin/krb5kdc -- system_u:object_r:krb5kdc_exec_t
 /usr(/local)?(/kerberos)?/sbin/kadmind -- system_u:object_r:kadmind_exec_t
-/usr(/local)?/bin/ksu		--	system_u:object_r:su_exec_t
 
 /usr/local/var/krb5kdc(/.*)?		system_u:object_r:krb5kdc_conf_t
 /usr/local/var/krb5kdc/principal.*	system_u:object_r:krb5kdc_principal_t
@@ -13,3 +12,6 @@
 
 /var/log/krb5kdc\.log			system_u:object_r:krb5kdc_log_t
 /var/log/kadmind\.log			system_u:object_r:kadmind_log_t
+
+#this goes to su:
+#/usr(/local)?/bin/ksu		--	system_u:object_r:su_exec_t