diff --git a/tests/Makefile.am b/tests/Makefile.am
index e36f80050..aad29fab8 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-SUBDIRS = bin db kdc gss ldap can java
+SUBDIRS = bin db gss ldap can java kdc
 
 if ENABLE_SHARED
 if HAVE_DLOPEN
diff --git a/tests/gss/check-basic.in b/tests/gss/check-basic.in
index ef630979b..fca02235f 100644
--- a/tests/gss/check-basic.in
+++ b/tests/gss/check-basic.in
@@ -114,6 +114,11 @@ ${acquire_cred} \
     --acquire-type=accept \
     --acquire-name=host@host.test.h5l.se || exit 1
 
+echo "keytab w/ short-form name and name canon rules"
+${acquire_cred} \
+    --acquire-type=accept \
+    --acquire-name=host@host || exit 1
+
 echo "keytab w/o name"
 ${acquire_cred} \
     --acquire-type=accept || exit 1
diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
index a46c7a313..9ada5949c 100644
--- a/tests/gss/check-context.in
+++ b/tests/gss/check-context.in
@@ -81,8 +81,6 @@ ${kadmin} \
 # add both lucid and lucid.test.h5l.se to simulate aliases
 ${kadmin} add -p p1 --use-defaults host/lucid.test.h5l.se@${R} || exit 1
 ${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
-${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
-${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
 
 ${kadmin} add -p p1 --use-defaults host/ok-delegate.test.h5l.se@${R} || exit 1
 ${kadmin} mod --attributes=+ok-as-delegate host/ok-delegate.test.h5l.se@${R} || exit 1
@@ -152,12 +150,21 @@ echo "======test naming combinations"
 echo "plain"  ; > messages.log
 ${context} --name-type=hostbased-service host@lucid.test.h5l.se || \
 	{ eval "$testfailed"; }
+echo "plain w/ short-form hostname"  ; > messages.log
+${context} --name-type=hostbased-service host@lucid || \
+	{ eval "$testfailed"; }
 echo "plain (krb5)" ; > messages.log
 ${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \
 	{ eval "$testfailed"; }
 echo "plain (krb5 realmless)" ; > messages.log
 ${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \
 	{ eval "$testfailed"; }
+echo "plain (krb5 realmless short-form should fail)" ; > messages.log
+${context} --name-type=krb5-principal-name host/lucid 2>/dev/null && \
+	{ eval "$testfailed"; }
+echo "creating short-form princ"
+${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
+${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
 echo "dns canon on (long name) OFF, need dns_wrapper" ; > messages.log
 #${context} --dns-canon host@lucid.test.h5l.se || \
 #	{ eval "$testfailed"; }
diff --git a/tests/gss/krb5.conf.in b/tests/gss/krb5.conf.in
index f16666206..bf254d55c 100644
--- a/tests/gss/krb5.conf.in
+++ b/tests/gss/krb5.conf.in
@@ -6,6 +6,8 @@
 	default_keytab_name = @objdir@/server.keytab
 	dns_canonicalize_hostname = false
 	dns_lookup_realm = false
+	name_canon_rules = as-is:realm=TEST.H5L.SE
+	name_canon_rules = qualify:domain=test.h5l.se
 
 [realms]
 	TEST.H5L.SE = {