diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c
index a62b14090..374f59ecb 100644
--- a/lib/krb5/changepw.c
+++ b/lib/krb5/changepw.c
@@ -632,7 +632,7 @@ krb5_set_password (krb5_context	 context,
 	principal = targprinc;
 
     ret = krb5_make_principal(context, &creds.server, 
-			      *krb5_princ_realm(context, principal),
+			      krb5_principal_get_realm(context, principal),
 			      "kadmin", "changepw", NULL);
     if (ret)
 	goto out;
diff --git a/lib/krb5/convert_creds.c b/lib/krb5/convert_creds.c
index cf9fbdf99..fbd6dd782 100644
--- a/lib/krb5/convert_creds.c
+++ b/lib/krb5/convert_creds.c
@@ -344,8 +344,8 @@ krb524_convert_creds_kdc(krb5_context context,
 	krb5_krbhst_handle handle;
 
 	ret = krb5_krbhst_init(context,
-			       *krb5_princ_realm(context, 
-						v5_creds->server),
+			       krb5_principal_get_realm(context, 
+							v5_creds->server),
 			       KRB5_KRBHST_KRB524,
 			       &handle);
 	if (ret)
diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c
index 1999416bf..281d0f213 100644
--- a/lib/krb5/get_for_creds.c
+++ b/lib/krb5/get_for_creds.c
@@ -243,10 +243,10 @@ krb5_get_forwarded_creds (krb5_context	    context,
 
     if (auth_context->local_address && auth_context->local_port) {
 	krb5_boolean noaddr;
-	const krb5_realm *realm;
+	krb5_const_realm realm;
 
-	realm = krb5_princ_realm(context, out_creds->server);
-	krb5_appdefault_boolean(context, NULL, *realm, "no-addresses", FALSE,
+	realm = krb5_principal_get_realm(context, out_creds->server);
+	krb5_appdefault_boolean(context, NULL, realm, "no-addresses", FALSE,
 				&noaddr);
 	if (!noaddr) {
 	    ret = krb5_make_addrport (context,
@@ -261,10 +261,10 @@ krb5_get_forwarded_creds (krb5_context	    context,
     if (auth_context->remote_address) {
 	if (auth_context->remote_port) {
 	    krb5_boolean noaddr;
-	    const krb5_realm *realm;
+	    krb5_const_realm realm;
 
-	    realm = krb5_princ_realm(context, out_creds->server);
-	    krb5_appdefault_boolean(context, NULL, *realm, "no-addresses",
+	    realm = krb5_principal_get_realm(context, out_creds->server);
+	    krb5_appdefault_boolean(context, NULL, realm, "no-addresses",
 				    FALSE, &noaddr);
 	    if (!noaddr) {
 		ret = krb5_make_addrport (context,
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 888e2dc16..db4465647 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -150,7 +150,7 @@ init_cred (krb5_context context,
 	   krb5_get_init_creds_opt *options)
 {
     krb5_error_code ret;
-    krb5_realm *client_realm;
+    krb5_const_realm client_realm;
     int tmp;
     krb5_timestamp now;
 
@@ -167,7 +167,7 @@ init_cred (krb5_context context,
 	    goto out;
     }
 
-    client_realm = krb5_princ_realm (context, cred->client);
+    client_realm = krb5_principal_get_realm (context, cred->client);
 
     if (start_time)
 	cred->times.starttime  = now + start_time;
@@ -189,12 +189,12 @@ init_cred (krb5_context context,
 	ret = krb5_parse_name (context, in_tkt_service, &cred->server);
 	if (ret)
 	    goto out;
-	server_realm = strdup (*client_realm);
+	server_realm = strdup (client_realm);
 	free (*krb5_princ_realm(context, cred->server));
 	krb5_princ_set_realm (context, cred->server, &server_realm);
     } else {
 	ret = krb5_make_principal(context, &cred->server, 
-				  *client_realm, KRB5_TGS_NAME, *client_realm,
+				  client_realm, KRB5_TGS_NAME, client_realm,
 				  NULL);
 	if (ret)
 	    goto out;
@@ -230,7 +230,7 @@ report_expiration (krb5_context context,
 
 static void
 print_expire (krb5_context context,
-	      krb5_realm *realm,
+	      krb5_const_realm realm,
 	      krb5_kdc_rep *rep,
 	      krb5_prompter_fct prompter,
 	      krb5_data *data)
@@ -244,7 +244,7 @@ print_expire (krb5_context context,
     krb5_timeofday (context, &sec);
 
     t = sec + get_config_time (context,
-			       *realm,
+			       realm,
 			       "warn_pwexpire",
 			       7 * 24 * 60 * 60);
 
@@ -1372,7 +1372,7 @@ krb5_get_init_creds(krb5_context context,
 
     if (prompter)
 	print_expire (context,
-		      krb5_princ_realm (context, ctx.cred.client),
+		      krb5_principal_get_realm (context, ctx.cred.client),
 		      &kdc_reply,
 		      prompter,
 		      data);
diff --git a/lib/krb5/verify_user.c b/lib/krb5/verify_user.c
index f66a95746..9521ce3e1 100644
--- a/lib/krb5/verify_user.c
+++ b/lib/krb5/verify_user.c
@@ -143,7 +143,7 @@ verify_user_opt_int(krb5_context context,
     if (ret)
 	return ret;
     krb5_get_init_creds_opt_set_default_flags(context, NULL, 
-					      *krb5_princ_realm(context, principal), 
+					      krb5_principal_get_realm(context, principal), 
 					      opt);
     ret = krb5_get_init_creds_password (context,
 					&cred,