diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c
index 4f6f38e67..696171dcf 100644
--- a/lib/gssapi/krb5/acquire_cred.c
+++ b/lib/gssapi/krb5/acquire_cred.c
@@ -339,8 +339,8 @@ OM_uint32 _gsskrb5_acquire_cred
 
     if (desired_name != GSS_C_NO_NAME) {
 
-	ret = _gsskrb5_canon_name(minor_status, context, 0, desired_name,
-				  &handle->principal);
+	ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
+				  desired_name, &handle->principal);
 	if (ret) {
 	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
 	    free(handle);
diff --git a/lib/gssapi/krb5/canonicalize_name.c b/lib/gssapi/krb5/canonicalize_name.c
index 7e0c3fe72..3de55d6e3 100644
--- a/lib/gssapi/krb5/canonicalize_name.c
+++ b/lib/gssapi/krb5/canonicalize_name.c
@@ -48,7 +48,7 @@ OM_uint32 _gsskrb5_canonicalize_name (
 
     GSSAPI_KRB5_INIT (&context);
 
-    ret = _gsskrb5_canon_name(minor_status, context, 1, input_name, &name);
+    ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, input_name, &name);
     if (ret)
 	return ret;
 
diff --git a/lib/gssapi/krb5/import_name.c b/lib/gssapi/krb5/import_name.c
index d488ce754..f1aca93ff 100644
--- a/lib/gssapi/krb5/import_name.c
+++ b/lib/gssapi/krb5/import_name.c
@@ -83,9 +83,10 @@ import_krb5_name (OM_uint32 *minor_status,
 
 OM_uint32
 _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
-		    int use_dns, gss_name_t name, krb5_principal *out)
+		    int use_dns, krb5_const_principal sourcename, gss_name_t targetname,
+		    krb5_principal *out)
 {
-    krb5_principal p = (krb5_principal)name;
+    krb5_principal p = (krb5_principal)targetname;
     krb5_error_code ret;
     char *hostname = NULL, *service;
 
@@ -96,8 +97,11 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
 	ret = krb5_copy_principal(context, p, out);
     } else if (!use_dns) {
 	ret = krb5_copy_principal(context, p, out);
-	if (ret == 0)
-	    krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
+	if (ret)
+	    goto out;
+	krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
+	if (sourcename)
+	    ret = krb5_principal_set_realm(context, *out, sourcename->realm);
     } else {
 	if (p->name.name_string.len == 0)
 	    return GSS_S_BAD_NAME;
@@ -113,6 +117,7 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
 				      out);
     }
 
+ out:
     if (ret) {
 	*minor_status = ret;
 	return GSS_S_FAILURE;
diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
index 35ab9dd88..b269d0679 100644
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -191,7 +191,7 @@ gsskrb5_get_creds(
     }
 
     ret = _gsskrb5_canon_name(minor_status, context, use_dns,
-			      target_name, &ctx->target);
+			      ctx->source, target_name, &ctx->target);
     if (ret)
 	return ret;