diff --git a/driver/src/main/java/org/neo4j/driver/v1/AuthTokens.java b/driver/src/main/java/org/neo4j/driver/v1/AuthTokens.java
index ccb59b3339..929f137cfc 100644
--- a/driver/src/main/java/org/neo4j/driver/v1/AuthTokens.java
+++ b/driver/src/main/java/org/neo4j/driver/v1/AuthTokens.java
@@ -76,6 +76,7 @@ public static AuthToken kerberos( String base64EncodedTicket )
     {
         return new InternalAuthToken( parameters(
                 "scheme", "kerberos",
+                "principal", "", //This empty string is required for backwards compatibility.
                 "credentials", base64EncodedTicket).asMap( Values.ofValue() ) );
     }
 
diff --git a/driver/src/test/java/org/neo4j/driver/v1/AuthTokensTest.java b/driver/src/test/java/org/neo4j/driver/v1/AuthTokensTest.java
index 1f91d99c14..fa31f304a3 100644
--- a/driver/src/test/java/org/neo4j/driver/v1/AuthTokensTest.java
+++ b/driver/src/test/java/org/neo4j/driver/v1/AuthTokensTest.java
@@ -98,4 +98,16 @@ public void customAuthParameters()
         assertThat( map.get( "realm" ), equalTo( (Value) new StringValue( "baz" ) ) );
         assertThat( map.get( "parameters" ), equalTo( (Value) new MapValue( expectedParameters ) ) );
     }
+
+    @Test
+    public void basicKerberosAuthWithRealm()
+    {
+        InternalAuthToken token = (InternalAuthToken) AuthTokens.kerberos( "base64" );
+        Map<String,Value> map = token.toMap();
+
+        assertThat( map.size(), equalTo( 3 ) );
+        assertThat( map.get( "scheme" ), equalTo( (Value) new StringValue( "kerberos" ) ) );
+        assertThat( map.get( "principal" ), equalTo( (Value) new StringValue( "" ) ) );
+        assertThat( map.get( "credentials" ), equalTo( (Value) new StringValue( "base64" ) ) );
+    }
 }