Index: src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java	(revision 102565)
+++ src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java	(working copy)
@@ -67,6 +67,8 @@
 
    private LoginContext serverLoginContext = null;
 
+   private String cutOffDomain;
+   
    private Principal identity = null;
 
    static
@@ -88,7 +90,9 @@
       super.initialize(subject, callbackHandler, sharedState, options);
       // Which security domain to authenticate the server.
       serverSecurityDomain = (String) options.get("serverSecurityDomain");
+      cutOffDomain = (String) options.get("cutOffDomain");
       log.debug("serverSecurityDomain=" + serverSecurityDomain);
+      log.debug("cutOffDomain=" + cutOffDomain);
    }
 
    @Override
@@ -129,7 +133,7 @@
                   String userName = identity.getName();
                   log.debug("Storing username '" + userName + "' and empty password");
                   // Add the username and a null password to the shared state map
-                  sharedState.put("javax.security.auth.login.name", identity);
+                  sharedState.put("javax.security.auth.login.name", userName);
                   sharedState.put("javax.security.auth.login.password", "");
                }
             }
@@ -307,8 +311,37 @@
             }
             else
             {
-               identity = new KerberosPrincipal(gssContext.getSrcName().toString());
+               String fullName = gssContext.getSrcName().toString();
+               String realmPart = "@" + cutOffDomain;
+               if (cutOffDomain != null && fullName.endsWith(realmPart))
+               {
+                  final String userName = fullName.substring(0, fullName.indexOf(realmPart));
+                  identity = new Principal()
+                  {
 
+                     public String getName()
+                     {
+                        return userName;
+                     }
+
+                     @Override
+                     public String toString()
+                     {
+                        return userName;
+                     }
+
+                     @Override
+                     public int hashCode()
+                     {
+                        return userName.hashCode();
+                     }
+                  };
+               }
+               else
+               {
+                  identity = new KerberosPrincipal(fullName);
+               }
+
                log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
                log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
                log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());