diff --git a/lib/krb5/aname_to_localname.c b/lib/krb5/aname_to_localname.c
index ed96ea3d4..49c9554a6 100644
--- a/lib/krb5/aname_to_localname.c
+++ b/lib/krb5/aname_to_localname.c
@@ -290,6 +290,7 @@ krb5_aname_to_localname(krb5_context context,
 {
 static heim_base_once_t reg_def_plugins = HEIM_BASE_ONCE_INIT;
 krb5_error_code ret;
+ krb5_realm realm;
 size_t i;
 char **rules = NULL;
 char *rule;
@@ -304,8 +305,13 @@ krb5_aname_to_localname(krb5_context context,
 if (ret != KRB5_PLUGIN_NO_HANDLE)
 return ret;
- rules = krb5_config_get_strings(context, NULL, "realms", aname->realm,
+ ret = krb5_get_default_realm(context, &realm);
+ if (ret)
+ return ret;
+
+ rules = krb5_config_get_strings(context, NULL, "realms", realm,
 "auth_to_local", NULL);
+ krb5_xfree(realm);
 if (!rules) {
 /* Heimdal's default rule */
 ret = an2ln_default(context, "HEIMDAL_DEFAULT", aname, lnsize, lname);
diff --git a/tests/kdc/an2ln-db.txt b/tests/kdc/an2ln-db.txt
index 511d957e6..39e1a5018 100644
--- a/tests/kdc/an2ln-db.txt
+++ b/tests/kdc/an2ln-db.txt
@@ -70,7 +70,9 @@ f8cd2e85efa891af junk
 fd6e5e417b8296a7 junk
 foo/mapped1@TEST2.H5L.SE foo_mapped
 mapped1@TEST2.H5L.SE m1
+mapped1@TEST3.H5L.SE mapped1
 mapped2@TEST2.H5L.SE m2
+mapped2@TEST3.H5L.SE mapped2
 z008213d189aac2b junk
 z07644c5c50f29d5 junk
 z094067ad439189c junk
diff --git a/tests/kdc/check-authz.in b/tests/kdc/check-authz.in
index c2e373a3f..9acd7f05d 100644
--- a/tests/kdc/check-authz.in
+++ b/tests/kdc/check-authz.in
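Review bot: In `krb5_aname_to_localname` (lib/krb5/aname_to_localname.c, second hunk) the `auth_to_local` lookup no longer consults `aname->realm`, so a restrictive per-realm setting such as `auth_to_local = NONE` under a non-default realm stops applying, and nothing tells the operator. Because this call selects the rules that map a principal to a local account, it should carry a comment such as `/* Rules are read from the default realm only; the principal's realm is not consulted here. */`, and the changed meaning of existing per-realm entries belongs in the release notes. The new early `return ret` after `krb5_get_default_realm` also bypasses the `HEIMDAL_DEFAULT` fallback further down when no default realm is configured; the function continues outside the hunk, so whether callers expect that error is not visible here.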
@@ -79,8 +79,8 @@ check_localname mapped1@${R2} 0 m1 || exit 1
 check_localname mapped2@${R2} 0 m2 || exit 1
 check_localname mapped1@${R3} 0 mapped1 || exit 1
 check_localname mapped2@${R3} 0 mapped2 || exit 1
-check_localname notmapped1@${R} 1 || exit 1
-check_localname notmapped1@${R2} 1 || exit 1
+check_localname notmapped1@${R} 0 notmapped1 || exit 1
+check_localname notmapped1@${R2} 0 notmapped1 || exit 1
 check_localname notmapped1@${R3} 0 notmapped1 || exit 1
 echo "Checking 1-component principal names in non-default realm"
diff --git a/tests/kdc/krb5-authz.conf.in b/tests/kdc/krb5-authz.conf.in
index 899f41740..bd6e2cba1 100644
--- a/tests/kdc/krb5-authz.conf.in
+++ b/tests/kdc/krb5-authz.conf.in
@@ -15,13 +15,7 @@
 mapped1 = foo
 mapped2 = bar
 }
- auth_to_local = NONE
- }
- TEST2.H5L.SE = {
- auth_to_local = DB:@srcdir@/an2ln-db.txt
- }
- TEST3.H5L.SE = {
- auth_to_local = DEFAULT
+ auth_to_local = DB:./an2ln-db.txt DEFAULT
 }
 [logging]
diff --git a/tests/kdc/krb5-authz2.conf.in b/tests/kdc/krb5-authz2.conf.in
index 4179cda94..2f805fb44 100644
--- a/tests/kdc/krb5-authz2.conf.in
+++ b/tests/kdc/krb5-authz2.conf.in
@@ -16,13 +16,7 @@
 mapped1 = foo
 mapped2 = bar
 }
- auth_to_local = NONE
- }
- TEST2.H5L.SE = {
- auth_to_local = DB:@srcdir@/an2ln-db.txt
- }
- TEST3.H5L.SE = {
- auth_to_local = DEFAULT
+ auth_to_local = DB:./an2ln-db.txt DEFAULT
 }
 [logging]
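Review bot: With both `notmapped1` expectations flipped from failure to success, none of the `check_localname` calls visible in this hunk of tests/kdc/check-authz.in asserts a refusal any more. A mapping function that decides local account names needs at least one negative case, for example a principal whose realm is not a default realm: `check_localname notmapped1@${FOREIGN_REALM} 1 || exit 1`, where `FOREIGN_REALM` is a placeholder for a realm the test configuration does not treat as local. The script continues past the hunk, so such a case may already exist further down.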
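Review bot: The new `auth_to_local = DB:./an2ln-db.txt DEFAULT` line in tests/kdc/krb5-authz.conf.in replaces the `@srcdir@` path with one relative to the working directory, and the hunk in tests/kdc/krb5-authz2.conf.in does the same. In a build directory separate from the source tree the DB file would be found only if something copies it there, which is not visible in this diff. Because `DEFAULT` follows the DB rule, a missing file might go unnoticed for names that map to themselves, so keeping `DB:@srcdir@/an2ln-db.txt DEFAULT` looks safer unless the relative path is intentional.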