diff --git a/gitosis/principals.py b/gitosis/principals.py
index 68cb8ce..223ba00 100644
--- a/gitosis/principals.py
+++ b/gitosis/principals.py
@@ -23,9 +23,11 @@ def serve_principal(sshUser, principals):
 
     if '@' in sshUser:
         for user in [ sshUser, sshUser.split('@')[0] ]:
-            print TEMPLATE % dict(user=user, principals=principals)
+            print TEMPLATE % dict(user=user,
+                                  principals=getAllowedSSHPrincipals(cfg))
     else:
-        print TEMPLATE % dict(user=sshUser, principals=principals)
+        print TEMPLATE % dict(user=sshUser,
+                              principals=util.getAllowedSSHPrincipals(cfg))
 
 
 class Main(app.App):
diff --git a/gitosis/util.py b/gitosis/util.py
index 4ec6bde..f0cd622 100644
--- a/gitosis/util.py
+++ b/gitosis/util.py
@@ -41,3 +41,10 @@ def getSSHPrincipalsPath(config):
     except (NoSectionError, NoOptionError):
         path = os.path.expanduser('~/.ssh/principals')
     return path
+
+def getAllowedSSHPrincipals(config):
+    try:
+        principals = config.get('gitosis', 'allowedPrincipals')
+    except (NoSectionError, NoOptionError):
+        principals = "git"
+    return path