diff --git a/builder/kojid b/builder/kojid index 8a308d08..08d0a990 100755 --- a/builder/kojid +++ b/builder/kojid @@ -6131,6 +6131,7 @@ def get_options(): 'krbservice': 'host', 'krb_rdns': True, 'krb_canon_host': False, + 'krb_server_realm': None, 'server': None, 'user': None, 'password': None, diff --git a/cli/koji.conf b/cli/koji.conf index 0a278107..96e7bf43 100644 --- a/cli/koji.conf +++ b/cli/koji.conf @@ -28,6 +28,9 @@ ;enable to lookup dns canonical hostname for krb auth ;krb_canon_host = no +;The realm of server principal. Using client's realm if not set +;krb_server_realm = EXAMPLE.COM + ;configuration for SSL authentication diff --git a/koji/__init__.py b/koji/__init__.py index b8da2583..c5912476 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -1709,6 +1709,7 @@ def read_config(profile_name, user_config=None): 'krbservice': 'host', 'krb_rdns': True, 'krb_canon_host': False, + 'krb_server_realm': None, 'principal': None, 'keytab': None, 'cert': None, @@ -2124,6 +2125,7 @@ def grab_session_options(options): 'upload_blocksize', 'krb_rdns', 'krb_canon_host', + 'krb_server_realm', 'no_ssl_verify', 'serverca', ) @@ -2303,7 +2305,9 @@ class ClientSession(object): host = six.moves.urllib.parse.urlparse(self.baseurl).hostname servername = self._fix_krb_host(host) - realm = cprinc.realm + realm = self.opts.get('krb_server_realm') + if not realm: + realm = cprinc.realm service = self.opts.get('krbservice', 'host') ret = '%s/%s@%s' % (service, servername, realm) diff --git a/util/koji-gc b/util/koji-gc index 02a29f1a..29e250a6 100755 --- a/util/koji-gc +++ b/util/koji-gc 
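Review bot: In the `ClientSession` hunk of koji/__init__.py the configured `krb_server_realm` goes into the hub's service principal verbatim, so a value with surrounding whitespace or unexpected case produces a principal the KDC presumably cannot resolve, and the user only sees a generic Kerberos failure. This realm determines which principal the client mutually authenticates the hub against, so I would normalise it and record the intent: `realm = (self.opts.get('krb_server_realm') or '').strip() or cprinc.realm`, preceded by `# hub principal may be in a different realm than the client; default to the client's realm`. No test for the override is visible in this diff, and the enclosing method starts and ends outside the hunk.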
@@ -48,6 +48,8 @@ def get_options(): help=_("get reverse dns FQDN for krb target")) parser.add_option("--krb-canon-host", action="store_true", default=False, help=_("get canonical hostname for krb target")) + parser.add_option("--krb-server-realm", + help=_("the realm of server Kerberos principal")) parser.add_option("--runas", metavar="USER", help=_("run as the specified user (requires special privileges)")) parser.add_option("--user", help=_("specify user")) @@ -131,6 +133,7 @@ def get_options(): ['krbservice', None, 'string'], ['krb_rdns', None, 'boolean'], ['krb_canon_host', None, 'boolean'], + ['krb_server_realm', None, 'string'], ['runas', None, 'string'], ['user', None, 'string'], ['password', None, 'string'], diff --git a/util/koji-gc.conf b/util/koji-gc.conf index dea88807..a657c20e 100644 --- a/util/koji-gc.conf +++ b/util/koji-gc.conf @@ -19,6 +19,9 @@ weburl = https://koji.fedoraproject.org/koji # The service name of the principal being used by the hub #krbservice = host +## The realm of server principal. Using client's realm if not set +# krb_server_realm = EXAMPLE.COM + # The domain name that will be appended to Koji usernames # when creating email notifications #email_domain = fedoraproject.org diff --git a/util/koji-shadow b/util/koji-shadow index c0924fc7..c603c509 100755 --- a/util/koji-shadow +++ b/util/koji-shadow @@ -85,6 +85,8 @@ def get_options(): help=_("get reverse dns FQDN for krb target")) parser.add_option("--krb-canon-host", action="store_true", default=False, help=_("get canonical hostname for krb target")) + parser.add_option("--krb-server-realm", + help=_("the realm of server Kerberos principal")) parser.add_option("--noauth", action="store_true", default=False, help=_("do not authenticate")) parser.add_option("-n", "--test", action="store_true", default=False, diff --git a/util/koji-shadow.conf b/util/koji-shadow.conf index d31080c7..daf3bac1 100644 --- a/util/koji-shadow.conf +++ b/util/koji-shadow.conf 
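Review bot: Nothing visible in the koji-gc hunks passes the parsed `krb_server_realm` on to the session, so if the code that builds the session options (outside these hunks) uses its own key list rather than `koji.grab_session_options`, the setting would be accepted and then silently ignored. The same question applies to the koji-shadow hunk and to the daemon defaults added in kojid, kojira and kojivmd. Separately, the `--krb-server-realm` help text omits the fallback that the sample config documents; I would write `parser.add_option("--krb-server-realm", metavar="REALM",` and `help=_("realm of the server Kerberos principal (default: the client's realm)"))` in both utilities. `get_options` continues outside the hunks.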
@@ -5,3 +5,6 @@ server=http://localhost/kojihub/ krbservice=host remote=https://koji.fedoraproject.org/kojihub + +## The realm of server principal. Using client's realm if not set +# krb_server_realm = EXAMPLE.COM diff --git a/util/kojira b/util/kojira index 69fbf8c2..cb85eefd 100755 --- a/util/kojira +++ b/util/kojira @@ -924,6 +924,7 @@ def get_options(): 'krbservice': 'host', 'krb_rdns': True, 'krb_canon_host': False, + 'krb_server_realm': None, 'retry_interval': 60, 'max_retries': 120, 'offline_retry': True, diff --git a/util/kojira.conf b/util/kojira.conf index 6cf509e6..bf5527e2 100644 --- a/util/kojira.conf +++ b/util/kojira.conf @@ -32,6 +32,9 @@ with_src=no ;the service name of the principal being used by the hub ;krbservice = host +;The realm of server principal. Using client's realm if not set +;krb_server_realm = EXAMPLE.COM + ;configuration for SSL authentication ;client certificate diff --git a/vm/kojivmd b/vm/kojivmd index 6594ca85..f9f3daa8 100755 --- a/vm/kojivmd +++ b/vm/kojivmd @@ -128,6 +128,7 @@ def get_options(): 'krbservice': 'host', 'krb_rdns': True, 'krb_canon_host': False, + 'krb_server_realm': None, 'server': None, 'user': None, 'password': None, diff --git a/vm/kojivmd.conf b/vm/kojivmd.conf index 2b431b28..802b19a4 100644 --- a/vm/kojivmd.conf +++ b/vm/kojivmd.conf @@ -45,6 +45,9 @@ from_addr=Koji Build System ;the service name of the principal being used by the hub ;krbservice = host +;The realm of server principal. Using client's realm if not set +;krb_server_realm = EXAMPLE.COM + ;configuration for SSL authentication ;client certificate diff --git a/www/conf/web.conf b/www/conf/web.conf index db73a1eb..cd176b00 100644 --- a/www/conf/web.conf +++ b/www/conf/web.conf 
@@ -12,6 +12,8 @@ KojiFilesURL = http://server.example.com/kojifiles # WebCCache = /var/tmp/kojiweb.ccache # The service name of the principal being used by the hub # KrbService = host +## The realm of server principal. Using client's realm if not set +# KrbServerRealm = EXAMPLE.COM # SSL authentication options # WebCert = /etc/kojiweb/kojiweb.crt diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py index ebee2eaa..e5ec5d82 100644 --- a/www/kojiweb/index.py +++ b/www/kojiweb/index.py @@ -170,6 +170,7 @@ def _getServer(environ): s_opts = {'krbservice': opts['KrbService'], 'krb_rdns': opts['KrbRDNS'], 'krb_canon_host': opts['KrbCanonHost'], + 'krb_server_realm': opts['KrbServerRealm'] } session = koji.ClientSession(opts['KojiHubURL'], opts=s_opts) diff --git a/www/kojiweb/wsgi_publisher.py b/www/kojiweb/wsgi_publisher.py index abb34242..7c1782f9 100644 --- a/www/kojiweb/wsgi_publisher.py +++ b/www/kojiweb/wsgi_publisher.py @@ -79,6 +79,7 @@ class Dispatcher(object): ['KrbService', 'string', 'host'], ['KrbRDNS', 'boolean', True], ['KrbCanonHost', 'boolean', False], + ['KrbServerRealm', 'string', None], ['WebCert', 'string', None], ['KojiHubCA', 'string', '/etc/kojiweb/kojihubca.crt'],
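Review bot: The new entry in the `s_opts` literal of `_getServer` (www/kojiweb/index.py) has no trailing comma, unlike the entries above it, although the closing brace sits on its own line; `'krb_server_realm': opts['KrbServerRealm'],` keeps the next added option a one-line diff. A short comment above the dict, e.g. `# Kerberos options are forwarded to the hub session unchanged`, would also help, since an unset `KrbServerRealm` (default `None` in the dispatcher table) relies on the client-side fallback to the client's realm. `_getServer` starts and ends outside the hunk.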