diff --git a/CHANGELOG.md b/CHANGELOG.md
index 18aef02c8a..92cbdab82b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,11 +14,12 @@ New modules:
 
 New config settings:
 
-* default_sudo_exe parameter can be set in config to use sudo alternatives
-* added when_failed and when_changed
+* sudo_exe parameter can be set in config to use sudo alternatives
+* sudo_flags parameter can alter the flags used with sudo
 
 New playbook/language features:
 
+* added when_failed and when_changed
 * task includes can now be of infinite depth
 * when_set and when_unset can take more than one var (when_set: $a and $b and $c)
 * added the with_sequence lookup plugin
diff --git a/examples/ansible.cfg b/examples/ansible.cfg
index 0ba9957f64..ab8dd20c4f 100644
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@@ -76,6 +76,9 @@ remote_port=22
 
 sudo_exe=sudo
 
+# the default flags passed to sudo
+# sudo_flags=-H
+
 # how to handle hash defined in several places
 # hash can be merged, or replaced
 # if you use replace, and have multiple hashes named 'x', the last defined
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index 7bd75777f2..b43986eb09 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -92,6 +92,7 @@ DEFAULT_MANAGED_STR       = get_config(p, DEFAULTS, 'ansible_managed',  None,
 DEFAULT_SYSLOG_FACILITY   = get_config(p, DEFAULTS, 'syslog_facility',  'ANSIBLE_SYSLOG_FACILITY', 'LOG_USER')
 DEFAULT_KEEP_REMOTE_FILES = get_config(p, DEFAULTS, 'keep_remote_files', 'ANSIBLE_KEEP_REMOTE_FILES', '0')
 DEFAULT_SUDO_EXE          = get_config(p, DEFAULTS, 'sudo_exe', 'ANSIBLE_SUDO_EXE', 'sudo')
+DEFAULT_SUDO_FLAGS        = get_config(p, DEFAULTS, 'sudo_flags', 'ANSIBLE_SUDO_FLAGS', '-H')
 DEFAULT_HASH_BEHAVIOUR    = get_config(p, DEFAULTS, 'hash_behaviour', 'ANSIBLE_HASH_BEHAVIOUR', 'replace')
 
 DEFAULT_ACTION_PLUGIN_PATH     = shell_expand_path(get_config(p, DEFAULTS, 'action_plugins',     'ANSIBLE_ACTION_PLUGINS', '/usr/share/ansible_plugins/action_plugins'))
diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py
index 139e1584e9..53b9b989e5 100644
--- a/lib/ansible/utils/__init__.py
+++ b/lib/ansible/utils/__init__.py
@@ -590,6 +590,7 @@ def make_sudo_cmd(sudo_user, executable, cmd):
     # the -p option.
     randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
     prompt = '[sudo via ansible, key=%s] password: ' % randbits
-    sudocmd = '%s -k && %s -S -p "%s" -u %s %s -c %s' % (
-        C.DEFAULT_SUDO_EXE, C.DEFAULT_SUDO_EXE, prompt, sudo_user, executable or '$SHELL', pipes.quote(cmd))
+    sudocmd = '%s -k && %s %s -S -p "%s" -u %s %s -c %s' % (
+        C.DEFAULT_SUDO_EXE, C.DEFAULT_SUDO_EXE, C.DEFAULT_SUDO_FLAGS,
+        prompt, sudo_user, executable or '$SHELL', pipes.quote(cmd))
     return ('/bin/sh -c ' + pipes.quote(sudocmd), prompt)