* lib/krb5/kuserok.c: if a .k5login file exist, don't give
implicit rights to anyone; also check owner/mode of .k5login
At a guess, the above is your problem: "implicit rights" to me implies the Kerberos principal corresponding to the account owner, so if you have a .k5login you must now list yourself in it to have permission to authenticate.