diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c
index f16c38efb..b943e1cb2 100644
--- a/lib/krb5/build_auth.c
+++ b/lib/krb5/build_auth.c
@@ -1,10 +1,10 @@
 #include <krb5_locl.h>
 #include <krb5_error.h>
-#include <md4.h>
 
 krb5_error_code
 krb5_build_authenticator (krb5_context context,
-			  krb5_principal client,
+			  krb5_auth_context auth_context,
+			  krb5_creds *cred,
 			  Checksum *cksum,
 			  Authenticator **auth_result,
 			  krb5_data *result)
@@ -12,18 +12,14 @@ krb5_build_authenticator (krb5_context context,
   struct timeval tv;
   Authenticator *auth = malloc(sizeof(*auth));
   char buf[1024];
-  unsigned char *p;
   int len;
-  struct md4 m;
-  u_int32_t crc;
+  krb5_error_code ret;
 
-  if (auth_result)
-    *auth_result = auth;
   auth->authenticator_vno = 5;
-  auth->crealm = malloc(client->realm.length + 1);
-  strncpy(auth->crealm, client->realm.data, client->realm.length);
-  auth->crealm[client->realm.length] = '\0';
-  krb5_principal2principalname(&auth->cname, client);
+  auth->crealm = malloc(cred->client->realm.length + 1);
+  strncpy(auth->crealm, cred->client->realm.data, cred->client->realm.length);
+  auth->crealm[cred->client->realm.length] = '\0';
+  krb5_principal2principalname(&auth->cname, cred->client);
 
   gettimeofday(&tv, NULL);
   auth->cusec = tv.tv_usec;
@@ -33,10 +29,34 @@ krb5_build_authenticator (krb5_context context,
   auth->authorization_data = NULL;
   auth->cksum = cksum;
 
+  /* XXX - Copy more to auth_context? */
+
+  if (auth_context) {
+    auth_context->authenticator->cusec = tv.tv_usec;
+    auth_context->authenticator->ctime = tv.tv_sec;
+  }
+
   memset (buf, 0, sizeof(buf));
+  len = encode_Authenticator (buf + sizeof(buf) - 1, sizeof(buf), auth);
+
+  ret = krb5_encrypt (context, buf + sizeof(buf) - len, len, &cred->session, result);
+
+  if (auth_result)
+    *auth_result = auth;
+  else
+    free (auth);
+  return ret;
+}
+#if 0
+
+  /*
   len = encode_Authenticator(buf + sizeof(buf) - 9,
 			     sizeof(buf) - 8 - 12,
 			     auth);
+
+			     */
+  
+
   p = buf + sizeof(buf) - 8 - len;
   
   p -= 12;
@@ -54,5 +74,7 @@ krb5_build_authenticator (krb5_context context,
   result->length = len;
   result->data = malloc(len);
   memcpy(result->data, p, len);
-  return 0;
+
 }
+
+#endif
diff --git a/lib/krb5/mk_rep.c b/lib/krb5/mk_rep.c
index 90e80f863..15fe37f94 100644
--- a/lib/krb5/mk_rep.c
+++ b/lib/krb5/mk_rep.c
@@ -22,10 +22,16 @@ krb5_mk_rep(krb5_context context,
   body.subkey = NULL;
   body.seq_number = NULL;
 
-  ap.enc_part.etype = 1;	/* XXX */
+  ap.enc_part.etype = (*auth_context)->key.keytype;
   ap.enc_part.kvno  = NULL;
   len = encode_EncAPRepPart (buf + sizeof(buf) - 1,
 			     sizeof(buf), &body);
+  ret = krb5_encrypt (context, buf + sizeof(buf) - len, len,
+		      &(*auth_context)->key, &ap.enc_part.cipher);
+  if (ret)
+    return ret;
+
+#if 0
   len += 12;			/* XXX */
   ap.enc_part.cipher.length = len;
   ap.enc_part.cipher.data   = malloc(len);
@@ -38,6 +44,7 @@ krb5_mk_rep(krb5_context context,
 		   ap.enc_part.cipher.data,
 		   ap.enc_part.cipher.length,
 		   schedule, &key, DES_ENCRYPT);
+#endif
 
   len = encode_AP_REP (buf + sizeof(buf) - 1,
 		       sizeof(buf), &ap);