diff --git a/.realmd.metadata b/.realmd.metadata
deleted file mode 100644
index 06ce7b9..0000000
--- a/.realmd.metadata
+++ /dev/null
@@ -1 +0,0 @@
-681f7f532daa62a08f2f2d6c9d4a1a04c4c793a3 SOURCES/realmd-0.17.1.tar.gz
diff --git a/SOURCES/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch b/SOURCES/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch
new file mode 100644
index 0000000..c2c8e3e
--- /dev/null
+++ b/SOURCES/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch
@@ -0,0 +1,74 @@
+From 19923985b69ccd5f2a33a067bfc3ed020889377e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 13 Jun 2023 18:02:52 +0200
+Subject: [PATCH 1/3] service: allow multiple names and _srv_ ad_server option
+
+realmd checks if the 'ad_server' option is set in sssd.conf before
+calling adcli to remove the host from the AD server. If set the value is
+used as value for dcli's '--domain-controller' option. But if multiple
+names are set in sssd.conf this currently fails because the whole string
+is used.
+
+With this patch the 'ad_server' option is properly evaluated and only
+the first domain controller name is used.
+---
+ service/realm-sssd-ad.c | 36 +++++++++++++++++++++++++++++++++++-
+ 1 file changed, 35 insertions(+), 1 deletion(-)
+
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index 2817e73..096b6c5 100644
+--- a/service/realm-sssd-ad.c
++++ b/service/realm-sssd-ad.c
+@@ -649,6 +649,40 @@ realm_sssd_ad_generic_finish (RealmKerberosMembership *realm,
+ 	return g_task_propagate_boolean (G_TASK (result), error);
+ }
+ 
++static gchar *get_ad_server_from_config (RealmKerberos *realm)
++{
++	RealmSssd *sssd = REALM_SSSD (realm);
++	RealmIniConfig *config;
++	const gchar *section;
++	gchar **servers;
++	gchar *tmp;
++	size_t c;
++	gchar *value = NULL;
++
++	config = realm_sssd_get_config (sssd);
++	section = realm_sssd_get_config_section (sssd);
++
++	if (section == NULL) {
++		return NULL;
++	}
++
++	servers = realm_ini_config_get_list (config, section, "ad_server", ",");
++	/* Only use the first server defined given in 'ad_server' and ignore
++	 * '_srv_'. */
++	if (servers != NULL) {
++		for (c = 0; servers[c] != NULL; c++) {
++			tmp = g_strstrip (servers[c]);
++			if (strcasecmp ("_srv_", tmp) != 0) {
++				value = g_strdup (tmp);
++				break;
++			}
++		}
++		g_strfreev (servers);
++	}
++
++	return value;
++}
++
+ static void
+ realm_sssd_ad_discover_myself (RealmKerberos *realm,
+                                RealmDisco *disco)
+@@ -665,7 +699,7 @@ realm_sssd_ad_discover_myself (RealmKerberos *realm,
+ 	if (section == NULL)
+ 		return;
+ 
+-	value = realm_ini_config_get (config, section, "ad_server");
++	value = get_ad_server_from_config (realm);
+ 	g_free (disco->explicit_server);
+ 	disco->explicit_server = value;
+ 
+-- 
+2.43.0
+
diff --git a/SOURCES/0001-tools-fix-ccache-handling-for-leave-operation.patch b/SOURCES/0001-tools-fix-ccache-handling-for-leave-operation.patch
new file mode 100644
index 0000000..01a3a2a
--- /dev/null
+++ b/SOURCES/0001-tools-fix-ccache-handling-for-leave-operation.patch
@@ -0,0 +1,69 @@
+From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 10 Jan 2024 09:18:20 +0100
+Subject: [PATCH] tools: fix ccache handling for leave operation
+
+krb5_cc_initialize() must be called before anything can be written into
+a ccache.
+
+While checking the available credential types the order/preference was
+not respected.
+
+Resolves: https://issues.redhat.com/browse/SSSD-6420
+---
+ tools/realm-client.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/tools/realm-client.c b/tools/realm-client.c
+index c386e64..06420ea 100644
+--- a/tools/realm-client.c
++++ b/tools/realm-client.c
+@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported,
+ 	GVariantIter iter;
+ 	const gchar *type;
+ 	const gchar *owner;
+-
+-	g_variant_iter_init (&iter, supported);
+-	while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
+-		if (g_strcmp0 (credential_type_1, type) == 0 ||
+-		    g_strcmp0 (credential_type_2, type) == 0) {
+-			*ret_owner = owner;
+-			return type;
++	const gchar *list[] = {credential_type_1, credential_type_2, NULL};
++	size_t c;
++
++	for (c = 0; list[c] != NULL; c++) {
++		g_variant_iter_init (&iter, supported);
++		while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
++			if (g_strcmp0 (list[c], type) == 0) {
++				*ret_owner = owner;
++				return type;
++			}
+ 		}
+ 	}
+ 
+@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5,
+ 	memset (&mcred, 0, sizeof (mcred));
+ 	mcred.client = principal;
+ 	mcred.server = server;
+-	mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND;
+-	mcred.times.endtime = mcred.times.starttime;
+ 
+ 	code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES,
+ 	                              &mcred, &creds);
+@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5,
+ 		return FALSE;
+ 	}
+ 
++	code = krb5_cc_initialize (krb5, ccache, creds.client);
++	if (code != 0) {
++		g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code));
++		return FALSE;
++	}
++
+ 	code = krb5_cc_store_cred (krb5, ccache, &creds);
+ 	krb5_free_cred_contents (krb5, &creds);
+ 
+-- 
+2.43.0
+
diff --git a/SOURCES/0002-service-fix-error-message-when-removing-host-from-AD.patch b/SOURCES/0002-service-fix-error-message-when-removing-host-from-AD.patch
new file mode 100644
index 0000000..c5968d3
--- /dev/null
+++ b/SOURCES/0002-service-fix-error-message-when-removing-host-from-AD.patch
@@ -0,0 +1,88 @@
+From d691c679c1531b3eb457c494141bafdc4e0bc692 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 1 Dec 2023 12:14:06 +0100
+Subject: [PATCH 2/3] service: fix error message when removing host from AD
+
+If there is an error while trying to remove the host from AD with the
+help of adcli the error message talks about "joining" which might be
+irritating when figuring out the reason for the failure. This patch
+adds a better message when leaving the domain.
+---
+ service/realm-adcli-enroll.c | 34 +++++++++++++++++++++++++++-------
+ 1 file changed, 27 insertions(+), 7 deletions(-)
+
+diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
+index e0d752b..c913987 100644
+--- a/service/realm-adcli-enroll.c
++++ b/service/realm-adcli-enroll.c
+@@ -25,9 +25,10 @@
+ #include "realm-settings.h"
+ 
+ static void
+-on_join_process (GObject *source,
+-                 GAsyncResult *result,
+-                 gpointer user_data)
++on_join_leave_process (GObject *source,
++                       GAsyncResult *result,
++                       gpointer user_data,
++                       gboolean is_join)
+ {
+ 	GTask *task = G_TASK (user_data);
+ 	GError *error = NULL;
+@@ -39,15 +40,18 @@ on_join_process (GObject *source,
+ 		switch (status) {
+ 		case 2: /* ADCLI_ERR_UNEXPECTED */
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
+-			             "Internal unexpected error joining the domain");
++			             is_join ? "Internal unexpected error joining the domain"
++			                     : "Internal unexpected error removing host from the domain");
+ 			break;
+ 		case 6: /* ADCLI_ERR_CREDENTIALS */
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED,
+-			             "Insufficient permissions to join the domain");
++			             is_join ? "Insufficient permissions to join the domain"
++			                     : "Insufficient permissions to remove the host from the domain");
+ 			break;
+ 		default:
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED,
+-			             "Failed to join the domain");
++			             is_join ? "Failed to join the domain"
++			                     : "Failed to remove the host from the domain");
+ 			break;
+ 		}
+ 	}
+@@ -64,6 +68,22 @@ on_join_process (GObject *source,
+ 	g_object_unref (task);
+ }
+ 
++static void
++on_join_process (GObject *source,
++                 GAsyncResult *result,
++                 gpointer user_data)
++{
++	on_join_leave_process (source, result, user_data, TRUE);
++}
++
++static void
++on_leave_process (GObject *source,
++                  GAsyncResult *result,
++                  gpointer user_data)
++{
++	on_join_leave_process (source, result, user_data, FALSE);
++}
++
+ void
+ realm_adcli_enroll_join_async (RealmDisco *disco,
+                                RealmCredential *cred,
+@@ -290,7 +310,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco,
+ 	g_ptr_array_add (args, NULL);
+ 
+ 	realm_command_runv_async ((gchar **)args->pdata, environ, input,
+-	                          invocation, on_join_process,
++	                          invocation, on_leave_process,
+ 	                          g_object_ref (task));
+ 
+ 	g_ptr_array_free (args, TRUE);
+-- 
+2.43.0
+
diff --git a/SOURCES/0003-doc-fix-reference-in-realmd.conf-man-page.patch b/SOURCES/0003-doc-fix-reference-in-realmd.conf-man-page.patch
new file mode 100644
index 0000000..a03a09a
--- /dev/null
+++ b/SOURCES/0003-doc-fix-reference-in-realmd.conf-man-page.patch
@@ -0,0 +1,26 @@
+From 56aedbceec3e6ff0d6142a16ca0c343c523b6d7a Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 1 Dec 2023 13:07:10 +0100
+Subject: [PATCH 3/3] doc: fix reference in realmd.conf man page
+
+---
+ doc/manual/realmd.conf.xml | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
+index 72b706c..ad17639 100644
+--- a/doc/manual/realmd.conf.xml
++++ b/doc/manual/realmd.conf.xml
+@@ -110,7 +110,8 @@ default-client = sssd
+ 		</para>
+ 
+ 		<para>Some callers of <command>realmd</command> such as the
+-		<link linkend="realm"><command>realm</command></link>
++		<citerefentry><refentrytitle>realm</refentrytitle>
++		<manvolnum>8</manvolnum></citerefentry>
+ 		command line tool allow specifying which client software should
+ 		be used. Others, such as GNOME Control Center, simplify choose
+ 		the default.</para>
+-- 
+2.43.0
+
diff --git a/SPECS/realmd.spec b/SPECS/realmd.spec
index f0710ed..658419d 100644
--- a/SPECS/realmd.spec
+++ b/SPECS/realmd.spec
@@ -1,11 +1,16 @@
 Name:    realmd
 Version: 0.17.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Kerberos realm enrollment service
-License: LGPLv2+
+License: LGPL-2.1-or-later
 URL:     https://gitlab.freedesktop.org/realmd/realmd
 Source0: https://gitlab.freedesktop.org/realmd/realmd/uploads/204d05bd487908ece2ce2705a01d2b26/realmd-%{version}.tar.gz
 
+Patch0001: 0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch
+Patch0002: 0002-service-fix-error-message-when-removing-host-from-AD.patch
+Patch0003: 0003-doc-fix-reference-in-realmd.conf-man-page.patch
+Patch0004: 0001-tools-fix-ccache-handling-for-leave-operation.patch
+
 ### Downstream Patches ###
 # In RHEL the RHEL the FreeIPA packages are call only ipa-* while upstream is
 # using freeipa-*, the following patch applies the needed changes.
@@ -61,13 +66,13 @@ autoreconf -fi
 %endif
     %{nil}
 
-make %{?_smp_mflags}
+%make_build
 
 %check
 make check
 
 %install
-make install DESTDIR=%{buildroot}
+%make_install
 
 %find_lang realmd
 
@@ -100,6 +105,14 @@ make install DESTDIR=%{buildroot}
 %doc ChangeLog
 
 %changelog
+* Tue Feb 20 2024 Sumit Bose <sbose@redhat.com> - 0.17.1-2
+- Use make macros https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+- migrated to SPDX license
+- allow multiple names and _srv_ ad_server option
+  Resolves: RHEL-12113
+- fix ccache handling for leave operation
+  Resolves: RHEL-26166
+
 * Fri Oct 21 2022 Sumit Bose <sbose@redhat.com> - 0.17.1-1
 - Update to upstream release 0.17.1
   Resolves: rhbz#2133841