diff --git a/neo4j/bolt/connection.py b/neo4j/bolt/connection.py
index 3b550ea68..b86e12098 100644
--- a/neo4j/bolt/connection.py
+++ b/neo4j/bolt/connection.py
@@ -164,7 +164,7 @@ def __init__(self, sock, **config):
             self.auth_dict = vars(basic_auth(*auth))
         else:
             try:
-                self.auth_dict = vars(config["auth"])
+                self.auth_dict = vars(auth)
             except (KeyError, TypeError):
                 raise TypeError("Cannot determine auth details from %r" % auth)
 
diff --git a/neo4j/v1/security.py b/neo4j/v1/security.py
index 8124f2fd3..f94058f10 100644
--- a/neo4j/v1/security.py
+++ b/neo4j/v1/security.py
@@ -103,6 +103,15 @@ def basic_auth(user, password, realm=None):
     return AuthToken("basic", user, password, realm)
 
 
+def kerberos_auth(base64_encoded_ticket):
+    """ Generate a kerberos auth token with the base64 encoded ticket
+
+    :param base64_encoded_ticket: a base64 encoded service ticket
+    :return: an authentication token that can be used to connect to Neo4j
+    """
+    return AuthToken("kerberos", "", base64_encoded_ticket)
+
+
 def custom_auth(principal, credentials, realm, scheme, **parameters):
     """ Generate a basic auth token for a given user and password.
 
diff --git a/test/unit/test_security.py b/test/unit/test_security.py
new file mode 100644
index 000000000..5112c6b7a
--- /dev/null
+++ b/test/unit/test_security.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+
+# Copyright (c) 2002-2017 "Neo Technology,"
+# Network Engine for Objects in Lund AB [http://neotechnology.com]
+#
+# This file is part of Neo4j.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from unittest import TestCase
+from neo4j.v1.security import kerberos_auth, basic_auth, custom_auth
+
+class AuthTokenTestCase(TestCase):
+
+    def test_should_generate_kerberos_auth_token_correctly(self):
+        auth = kerberos_auth("I am a base64 service ticket")
+        assert auth.scheme == "kerberos"
+        assert auth.principal == ""
+        assert auth.credentials == "I am a base64 service ticket"
+        assert not auth.realm
+        assert not hasattr(auth, "parameters")
+
+    def test_should_generate_basic_auth_without_realm_correctly(self):
+        auth = basic_auth("molly", "meoooow")
+        assert auth.scheme == "basic"
+        assert auth.principal == "molly"
+        assert auth.credentials == "meoooow"
+        assert not auth.realm
+        assert not hasattr(auth, "parameters")
+
+    def test_should_generate_base_auth_with_realm_correctly(self):
+        auth = basic_auth("molly", "meoooow", "cat_caffe")
+        assert auth.scheme == "basic"
+        assert auth.principal == "molly"
+        assert auth.credentials == "meoooow"
+        assert auth.realm == "cat_caffe"
+        assert not hasattr(auth, "parameters")
+
+    def test_should_generate_custom_auth_correctly(self):
+        auth = custom_auth("molly", "meoooow", "cat_caffe", "cat", age="1", color="white")
+        assert auth.scheme == "cat"
+        assert auth.principal == "molly"
+        assert auth.credentials == "meoooow"
+        assert auth.realm == "cat_caffe"
+        assert auth.parameters == {"age": "1", "color": "white"}