Index: src/include/k5-int.h
===================================================================
--- src/include/k5-int.h.orig
+++ src/include/k5-int.h
@@ -1253,6 +1253,11 @@ struct _krb5_context {
 
 #define KRB5_LIBOPT_SYNC_KDCTIME	0x0001
 
+#ifdef __CI_PRINC__
+#define KRB5_LIBOPT_CASE_INSENSITIVE   0x0002
+#define KRB5_LIBOPT_RD_REQ_TRY_HOST_SPN        0x0004
+#endif
+
 /* internal message representations */
 
 typedef struct _krb5_safe {
Index: src/lib/krb5/krb/init_ctx.c
===================================================================
--- src/lib/krb5/krb/init_ctx.c.orig
+++ src/lib/krb5/krb/init_ctx.c
@@ -222,6 +222,16 @@ init_common (krb5_context *context, krb5
 			    &tmp);
 	ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
 
+#ifdef __CI_PRINC__
+#define DEFAULT_CASE_SENSITIVE 1
+       profile_get_boolean(ctx->profile, "libdefaults",
+                           "case_sensitive", 0, DEFAULT_CASE_SENSITIVE,
+                           &tmp);
+       if (tmp == 0)
+               ctx->library_options |= KRB5_LIBOPT_CASE_INSENSITIVE;
+
+#endif /* __CI_PRINC__ */
+
 	/*
 	 * We use a default file credentials cache of 3.  See
 	 * lib/krb5/krb/ccache/file/fcc.h for a description of the
Index: src/lib/krb5/krb/princ_comp.c
===================================================================
--- src/lib/krb5/krb/princ_comp.c.orig
+++ src/lib/krb5/krb/princ_comp.c
@@ -33,13 +33,35 @@
 krb5_boolean KRB5_CALLCONV
 krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
 {
+    krb5_boolean ret;
+
     if ((princ1 == NULL) || (princ2 == NULL))
        return FALSE;
 
     if ((krb5_princ_realm(context, princ1) == NULL) ||
         (krb5_princ_realm(context, princ2) == NULL))
        return FALSE;
+#ifdef __CI_PRINC__
+    /* XXX this needs to be Unicode-aware */
+
+     if (krb5_princ_realm(context, princ1)->length !=
+       krb5_princ_realm(context, princ2)->length) {
+       /* NB this test won't be necessarily correct for UTF-8 */
+       return FALSE;
+    }
+
+    if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE) {
+       ret = (strncasecmp (krb5_princ_realm(context, princ1)->data,
+                           krb5_princ_realm(context, princ2)->data,
+                           krb5_princ_realm(context, princ2)->length) == 0);
+    } else {
+       ret = (memcmp (krb5_princ_realm(context, princ1)->data,
+                      krb5_princ_realm(context, princ2)->data,
+                      krb5_princ_realm(context, princ2)->length) == 0);
+    }
 
+    return ret;
+#else
     if (krb5_princ_realm(context, princ1)->length != 
 	krb5_princ_realm(context, princ2)->length ||
 	memcmp (krb5_princ_realm(context, princ1)->data, 
@@ -48,6 +70,7 @@ krb5_realm_compare(krb5_context context,
 	return FALSE;
 
     return TRUE;
+#endif /* __CI_PRINC__ */
 }
 
 krb5_boolean KRB5_CALLCONV
@@ -69,9 +92,25 @@ krb5_principal_compare(krb5_context cont
     for (i = 0; i < (int) nelem; i++) {
 	register const krb5_data *p1 = krb5_princ_component(context, princ1, i);
 	register const krb5_data *p2 = krb5_princ_component(context, princ2, i);
+#ifdef __CI_PRINC__
+       /* XXX this needs to be Unicode-aware */
+       krb5_boolean ret;
+
+       if (p1->length != p2->length)
+           return FALSE;
+
+       if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE)
+           ret = (strncasecmp(p1->data, p2->data, p1->length) == 0);
+       else
+           ret = (memcmp(p1->data, p2->data, p1->length) == 0);
+
+       if (ret == FALSE)
+           return ret;
+#else
 	if (p1->length != p2->length ||
 	    memcmp(p1->data, p2->data, p1->length))
 	    return FALSE;
+#endif /* __CI_PRINC__ */
     }
     return TRUE;
 }