diff --git a/openssh-9.9p1-gssapi-s4u.patch b/openssh-9.9p1-gssapi-s4u.patch
index 4dd3a09..5364704 100644
--- a/openssh-9.9p1-gssapi-s4u.patch
+++ b/openssh-9.9p1-gssapi-s4u.patch
@@ -55,7 +55,7 @@ diff --color -ruNp a/gss-serv.c b/gss-serv.c
 ssh_gssapi_mech gssapi_null_mech =
     { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL};
 
-@@ -486,26 +486,351 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
+@@ -486,26 +486,382 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
 	return (ctx->major);
  }
 
@@ -184,12 +184,43 @@ diff --color -ruNp a/gss-serv.c b/gss-serv.c
 +	    (unsigned)getuid(), (unsigned)geteuid(), lname);
 +#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
 +	{
++# if defined(KRB5)
++		/*
++		 * Resolve the keytab path: krb5_kt_default_name respects
++		 * KRB5_KTNAME and krb5.conf default_keytab_name.
++		 */
++		char keytab_name[MAXPATHLEN];
++		krb5_context tmp_ctx;
++
++
++		keytab_name[0] = '\0';
++		if (krb5_init_context(&tmp_ctx) == 0) {
++			(void)krb5_kt_default_name(tmp_ctx, keytab_name,
++			    sizeof(keytab_name));
++			krb5_free_context(tmp_ctx);
++		}
++		if (keytab_name[0] == '\0')
++			strlcpy(keytab_name, "FILE:/etc/krb5.keytab",
++			    sizeof(keytab_name));
++		/*
++		 * client_keytab lets GSSAPI do AS-REQ to obtain a TGT for the
++		 * host principal (initiator role needed for S4U2Self).
++		 * keytab covers the acceptor role.
++		 * ccache: MEMORY: keeps the resulting TGT volatile.
++		 */
 +		gss_key_value_element_desc store_elements[] = {
-+			{ "client_keytab", "/etc/krb5.keytab" },
-+			{ "keytab", "/etc/krb5.keytab" },
-+			{ "ccache", "MEMORY:" },
++			{ "client_keytab", keytab_name },
++			{ "keytab", keytab_name },
++			{ "ccache", "MEMORY:" },
 +		};
 +		const gss_key_value_set_desc cred_store = { 3, store_elements };
++# else
++		gss_key_value_element_desc store_elements[] = {
++			{ "ccache", "MEMORY:" },
++		};
++		const gss_key_value_set_desc cred_store = { 1, store_elements };
++# endif
++
 +
 +		major = gss_acquire_cred_from(&minor, host_name, lifetime,
 +		    oidset, GSS_C_BOTH, &cred_store, &host_creds, NULL, NULL);
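Review bot: The return code of krb5_kt_default_name is discarded with `(void)` in the new KRB5 branch, so if the call fails after having written into the buffer (a default name that does not fit MAXPATHLEN may be left truncated), keytab_name is non-empty, the `FILE:/etc/krb5.keytab` fallback is skipped, and a wrong path ends up in both the client_keytab and keytab entries of cred_store. Checking the result and clearing the buffer on error keeps the fallback effective: `if (krb5_kt_default_name(tmp_ctx, keytab_name, sizeof(keytab_name)) != 0) keytab_name[0] = '\0';`. Since the path now depends on sshd's own environment (KRB5_KTNAME) and krb5.conf rather than a fixed string, a `debug3("%s: using keytab %s", __func__, keytab_name);` after the fallback would let operators see which keytab the host credentials were acquired from. The non-KRB5 `#else` branch no longer passes any keytab entry, which changes behaviour for such builds if they exist; worth a comment saying that the library defaults are relied on there. The enclosing function starts and ends outside the hunk.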
diff --git a/openssh.spec b/openssh.spec
index afb4332..650998a 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -43,7 +43,7 @@ Summary: An open source implementation of SSH protocol version 2
 Name: openssh
 Version: %{openssh_ver}
-Release: 25%{?dist}
+Release: 26%{?dist}
 URL: http://www.openssh.com/portable.html
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -740,6 +740,10 @@ test -f %{sysconfig_anaconda} && \
 %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so
 
 %changelog
+* Tue Apr 14 2026 Dmitry Belyavskiy - 9.9p1-26
+- Improve keytab detection when obtaining Kerberos tickets on behalf of user on SSH authentication
+  Related: RHEL-92932
+
 * Wed Apr 01 2026 Zoltan Fridrich - 9.9p1-25
 - Fix static analysis issues
   Resolves: RHEL-163365