diff --git a/configure.ac b/configure.ac index dd0dc5aa..ee5f5ad4 100644 --- a/configure.ac +++ b/configure.ac @@ -241,10 +241,10 @@ if test "$ss" != no; then fi AC_CHECK_LIB(ss, ss_perror, [SS_LIBS="-lss" + SS_OBJS='${SS_OBJS}' AC_DEFINE(HAVE_SS, 1, [Define if we are building with the ss library])], AS_IF([test "x$ss" != "xmaybe"], AC_MSG_ERROR(ss library not found)), -lcom_err) - SS_OBJS='${SS_OBJS}' fi AC_SUBST(SS_LIBS) AC_SUBST(SS_OBJS) diff --git a/h/internal.h b/h/internal.h index b6e68048..7803be0d 100644 --- a/h/internal.h +++ b/h/internal.h @@ -83,6 +83,8 @@ extern int __Zephyr_server; /* 0 if normal client, 1 if server or zhm */ #ifdef HAVE_KRB5 extern krb5_context Z_krb5_ctx; Code_t Z_krb5_lookup_cksumtype(krb5_enctype, krb5_cksumtype *); +krb5_error_code Z_krb5_init_keyblock(krb5_context, krb5_enctype, size_t, + krb5_keyblock **); struct _Z_SessionKey { struct _Z_SessionKey *next; diff --git a/lib/ZDumpSession.c b/lib/ZDumpSession.c index 01c4444c..92f805cc 100644 --- a/lib/ZDumpSession.c +++ b/lib/ZDumpSession.c @@ -42,7 +42,7 @@ ZDumpSession(char **buffer, for (key = Z_keys_head; key != NULL; key = key->next) { num_keys++; len += 4 + 4; /* enctype, length */ - len += key->keyblock->length; /* contents */ + len += Z_keylen(key->keyblock); /* contents */ } #endif @@ -56,10 +56,10 @@ ZDumpSession(char **buffer, #ifdef HAVE_KRB5 *((uint32_t *)ptr) = htonl(num_keys); ptr += 4; for (key = Z_keys_tail; key != NULL; key = key->prev) { - *((uint32_t*) ptr) = htonl(key->keyblock->enctype); ptr += 4; - *((uint32_t*) ptr) = htonl(key->keyblock->length); ptr += 4; - memcpy(ptr, key->keyblock->contents, key->keyblock->length); - ptr += key->keyblock->length; + *((uint32_t*) ptr) = htonl(Z_enctype(key->keyblock)); ptr += 4; + *((uint32_t*) ptr) = htonl(Z_keylen(key->keyblock)); ptr += 4; + memcpy(ptr, Z_keydata(key->keyblock), Z_keylen(key->keyblock)); + ptr += Z_keylen(key->keyblock); } #endif 
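Review bot: In the second ZDumpSession hunk (lib/ZDumpSession.c) the rewritten stores still go through `*((uint32_t*) ptr)`, and `ptr` advances by `Z_keylen(key->keyblock)` on every pass, so the next store is misaligned whenever a key length is not a multiple of four. A misaligned store through a cast pointer is undefined behaviour in C and can fault on strict-alignment targets. I would build each value in a local and copy it, e.g. `uint32_t v = htonl(Z_keylen(key->keyblock)); memcpy(ptr, &v, sizeof v); ptr += sizeof v;`, for the count, enctype and length fields alike. The buffer allocation and the declaration of `ptr` are outside the hunk, so its starting alignment is assumed here.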
@@ -110,12 +110,12 @@ ZLoadSession(char *buffer, int len) free(key); return (EINVAL); } - ret = krb5_init_keyblock(Z_krb5_ctx, enctype, keylength, &key->keyblock); + ret = Z_krb5_init_keyblock(Z_krb5_ctx, enctype, keylength, &key->keyblock); if (ret) { free(key); return ret; } - memcpy((char *)key->keyblock->contents, buffer, keylength); + memcpy((char *)Z_keydata(key->keyblock), buffer, keylength); buffer += keylength; len -= keylength; /* Just set recent times. It means we might not be able to retire the keys, but that's fine. */ diff --git a/lib/ZGetSender.c b/lib/ZGetSender.c index 7f0ab237..8c6cfb3c 100644 --- a/lib/ZGetSender.c +++ b/lib/ZGetSender.c @@ -46,7 +46,11 @@ ZGetSender(void) if (!result) { krb5_unparse_name(Z_krb5_ctx, principal, &prname); sender = strdup(prname); +#ifdef HAVE_KRB5_UNPARSE_NAME krb5_free_unparsed_name(Z_krb5_ctx, prname); +#else + free(prname); +#endif krb5_free_principal(Z_krb5_ctx, principal); return sender; } diff --git a/lib/ZMkAuth.c b/lib/ZMkAuth.c index 63605f49..a7e8a911 100644 --- a/lib/ZMkAuth.c +++ b/lib/ZMkAuth.c @@ -126,10 +126,10 @@ Z_MakeAuthenticationSaveKey(register ZNotice_t *notice, keyblock = Z_credskey(creds); if (Z_keys_head && - Z_keys_head->keyblock->enctype == keyblock->enctype && - Z_keys_head->keyblock->length == keyblock->length && - memcmp(Z_keys_head->keyblock->contents, keyblock->contents, - keyblock->length) == 0) { + Z_enctype(Z_keys_head->keyblock) == Z_enctype(keyblock) && + Z_keylen(Z_keys_head->keyblock) == Z_keylen(keyblock) && + memcmp(Z_keydata(Z_keys_head->keyblock), Z_keydata(keyblock), + Z_keylen(keyblock)) == 0) { /* * Optimization: if the key hasn't changed, replace the current entry, * rather than make a new one. diff --git a/lib/Zinternal.c b/lib/Zinternal.c index ecee122f..bced68e3 100644 --- a/lib/Zinternal.c +++ b/lib/Zinternal.c 
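Review bot: In the lib/ZGetSender.c hunk the new guard tests `HAVE_KRB5_UNPARSE_NAME`, but the call it protects is `krb5_free_unparsed_name`, and the configure.ac hunk in this commit does not define that macro. If configure only runs the usual function check for `krb5_free_unparsed_name`, the macro it produces is `HAVE_KRB5_FREE_UNPARSED_NAME`, so the `#else` branch with `free(prname)` would be compiled on every platform. I would write the guard as `#ifdef HAVE_KRB5_FREE_UNPARSED_NAME` and confirm that the matching check exists in configure.ac. Separately, the context line above ignores the return value of `krb5_unparse_name`, so unless `prname` is initialized outside the hunk, `strdup(prname)` and the free read an unset pointer when unparsing fails. ZGetSender's body starts and ends outside the hunk.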
@@ -99,6 +99,31 @@ Z_krb5_lookup_cksumtype(krb5_enctype e, } return KRB5_PROG_ETYPE_NOSUPP; } + +krb5_error_code +Z_krb5_init_keyblock(krb5_context context, + krb5_enctype type, + size_t size, + krb5_keyblock **key) +{ +#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE + return krb5_init_keyblock(context, type, size, key); +#else + krb5_error_code ret; + krb5_keyblock *tmp, tmp_ss; + tmp = &tmp_ss; + + *key = NULL; + Z_enctype(tmp) = type; + Z_keylen(tmp) = size; + Z_keydata(tmp) = malloc(size); + if (!Z_keydata(tmp)) + return ENOMEM; + ret = krb5_copy_keyblock(context, tmp, key); + free(Z_keydata(tmp)); + return ret; +#endif +} #endif /* HAVE_KRB5 */ char __Zephyr_realm[REALM_SZ]; diff --git a/server/kstuff.c b/server/kstuff.c index 5e4cf870..9984ef8b 100644 --- a/server/kstuff.c +++ b/server/kstuff.c @@ -689,33 +689,6 @@ static ZChecksum_t compute_rlm_checksum(ZNotice_t *notice, return checksum; } -#endif - -#ifdef HAVE_KRB5 -krb5_error_code -Z_krb5_init_keyblock(krb5_context context, - krb5_enctype type, - size_t size, - krb5_keyblock **key) -{ -#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE - return krb5_init_keyblock(context, type, size, key); -#else - krb5_error_code ret; - krb5_keyblock *tmp, tmp_ss; - tmp = &tmp_ss; - - *key = NULL; - Z_enctype(tmp) = type; - Z_keylen(tmp) = size; - Z_keydata(tmp) = malloc(size); - if (!Z_keydata(tmp)) - return ENOMEM; - ret = krb5_copy_keyblock(context, tmp, key); - free(Z_keydata(tmp)); - return ret; -#endif -} void ZSetSession(krb5_keyblock *keyblock) { diff --git a/server/zserver.h b/server/zserver.h index b1b4bc83..25e4188b 100644 --- a/server/zserver.h +++ b/server/zserver.h @@ -37,8 +37,6 @@ extern krb5_keyblock *__Zephyr_keyblock; #define ZGetSession() (__Zephyr_keyblock) void ZSetSession(krb5_keyblock *keyblock); -krb5_error_code Z_krb5_init_keyblock(krb5_context, krb5_enctype, size_t, - krb5_keyblock **); #endif #ifdef HAVE_KRB4
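Review bot: In the fallback branch of Z_krb5_init_keyblock (lib/Zinternal.c hunk), `tmp_ss` is never zeroed and the `malloc(size)` buffer is uninitialized, so `krb5_copy_keyblock` copies indeterminate bytes into the new key, along with any struct field the three macros do not set. I would clear the temporary first with `memset(&tmp_ss, 0, sizeof(tmp_ss));` and allocate with `calloc(1, size ? size : 1)`. The second change also stops a zero `size` from being reported as `ENOMEM` on platforms where `malloc(0)` returns NULL. That matters because ZLoadSession in lib/ZDumpSession.c now calls this helper with `keylength`, which appears to come from the serialized session buffer. The function is moved here unchanged from server/kstuff.c, so a short comment above it saying that the caller must fill the key contents after a successful return would also help.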