The following parts of the code need to be modified to always use the correct realm: * kprop.c:get_tickets(), which currently uses sn2princ on the local hostname, and substitutes the default realm (not the -r realm value) if it gets back the referral realm. That function also uses sn2princ on the server hostname, but ignores the realm as it is making an AS request. * kpropd.c:do_iprop(), which currently uses krb5_get_default_realm() to look up the master service principal, ignoring the -r realm value. It also uses sn2princ on the local hostname, substituting the default realm (again, not the -r realm value) if it gets back the referral realm. * kpropd.c:parse_args(), which currently uses sn2princ on the local hostname, and substitutes the -r realm value if given. If it gets back the referral realm and no -r realm value is given, the server principal will have no realm. We are adding krb5_expand_hostname() from Heimdal, but (a) the initial solution to this bug should probably not use a new API so that it can be backported, and (b) we really want an sn2princ-like API for most of these parts of the code, just not with the realm lookup.