diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index cc51f56..62e8e16 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -101,7 +101,7 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 		return ret;
 	}
 	
-	ret = krb5_unparse_name(ccache->smb_krb5_context->krb5_context, princ, &name);
+	ret = smb_krb5_unparse_name(cred, ccache->smb_krb5_context->krb5_context, princ, &name);
 	if (ret) {
 		(*error_string) = talloc_asprintf(cred, "failed to unparse principal from ccache: %s\n",
 						  smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context,
@@ -111,7 +111,7 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 
 	cli_credentials_set_principal(cred, name, obtained);
 
-	free(name);
+	talloc_free(name);
 
 	krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
 
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 3a2401a..69dd28b 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -419,6 +419,9 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 		return ret;
 	}
 
+	/* Get rid of quoted spaces from Heimdal */
+	string_sub(utf8_name, "\\ ", " ", 0);
+
 	if (!pull_utf8_talloc(mem_ctx, unix_name, utf8_name, &converted_size)) {
 		krb5_free_unparsed_name(context, utf8_name);
 		return ENOMEM;
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 140a165..e82f945 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -695,7 +695,8 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 		return NT_STATUS_NO_MEMORY;
 	}
 	
-	ret = krb5_unparse_name(gensec_krb5_state->smb_krb5_context->krb5_context, 
+	ret = smb_krb5_unparse_name(tmp_ctx, 
+				gensec_krb5_state->smb_krb5_context->krb5_context, 
 				client_principal, &principal_string);
 	if (ret) {
 		DEBUG(1, ("Unable to parse client principal: %s\n",
@@ -719,7 +720,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 		/* Found pac */
 		pac_blob = data_blob_talloc(tmp_ctx, pac_data.data, pac_data.length);
 		if (!pac_blob.data) {
-			free(principal_string);
 			krb5_free_principal(context, client_principal);
 			talloc_free(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
@@ -734,7 +734,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 						gensec_krb5_state->ticket->ticket.authtime, NULL);
 
 		if (!NT_STATUS_IS_OK(nt_status)) {
-			free(principal_string);
 			krb5_free_principal(context, client_principal);
 			talloc_free(tmp_ctx);
 			return nt_status;
@@ -750,7 +749,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 						     gensec_get_remote_address(gensec_security),
 						     &session_info);
 
-	free(principal_string);
 	krb5_free_principal(context, client_principal);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {