diff --git a/admin/add.c b/admin/add.c
index b6e308518..e39a8782c 100644
--- a/admin/add.c
+++ b/admin/add.c
@@ -119,7 +119,7 @@ kt_add(int argc, char **argv)
 	kvno = atoi(buf);
     }
     if(password_string == NULL && random_flag == 0) {
-	if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1))
+	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1))
 	    goto out;
 	password_string = buf;
     }
diff --git a/appl/ftp/ftp/cmds.c b/appl/ftp/ftp/cmds.c
index c9aa3ffa3..86b58ca1b 100644
--- a/appl/ftp/ftp/cmds.c
+++ b/appl/ftp/ftp/cmds.c
@@ -1303,7 +1303,7 @@ user(int argc, char **argv)
 	n = command("USER %s", argv[1]);
 	if (n == CONTINUE) {
 	    if (argc < 3 ) {
-		des_read_pw_string (tmp,
+		UI_UTIL_read_pw_string (tmp,
 				    sizeof(tmp),
 				    "Password: ", 0);
 		argv[2] = tmp;
@@ -1594,7 +1594,7 @@ account(int argc, char **argv)
 		}
 	}
 	else {
-	    des_read_pw_string(acct, sizeof(acct), "Account:", 0);
+	    UI_UTIL_read_pw_string(acct, sizeof(acct), "Account:", 0);
 	}
 	command("ACCT %s", acct);
 }
diff --git a/appl/ftp/ftp/ftp.c b/appl/ftp/ftp/ftp.c
index 675a46d71..7920946cc 100644
--- a/appl/ftp/ftp/ftp.c
+++ b/appl/ftp/ftp/ftp.c
@@ -219,7 +219,7 @@ login (char *host)
 	    }
 	    if (pass == NULL) {
 		pass = defaultpass;
-		des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
+		UI_UTIL_read_pw_string (tmp, sizeof (tmp), prompt, 0);
 		if (tmp[0])
 		    pass = tmp;
 	    }
@@ -229,7 +229,7 @@ login (char *host)
     if (n == CONTINUE) {
 	aflag++;
 	acct = tmp;
-	des_read_pw_string (acct, 128, "Account:", 0);
+	UI_UTIL_read_pw_string (acct, 128, "Account:", 0);
 	n = command ("ACCT %s", acct);
     }
     if (n != COMPLETE) {
diff --git a/appl/otp/otp.c b/appl/otp/otp.c
index 6d68859b2..c9f8f53cb 100644
--- a/appl/otp/otp.c
+++ b/appl/otp/otp.c
@@ -91,7 +91,7 @@ renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
 	      newctx.alg->name,
 	      newctx.n, 
 	      newctx.seed);
-    if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
+    if (UI_UTIL_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
 	otp_parse (newctx.key, pw, alg) == 0) {
 	ctx = &newctx;
 	ret = 0;
@@ -126,7 +126,7 @@ verify_user_otp(char *username)
     }
 
     snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
-    if(des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0))
+    if(UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0))
 	return 1;
     return otp_verify_user (&ctx, passwd);
 }
@@ -153,7 +153,7 @@ set (int argc, char **argv, OtpAlgorithm *alg, char *user)
     strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
     strlwr(ctx.seed);
     do {
-	if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
+	if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
 	    return 1;
 	if (strlen (pw) < OTP_MIN_PASSPHRASE)
 	    printf ("Too short pass-phrase.  Use at least %d characters\n",
diff --git a/appl/otp/otpprint.c b/appl/otp/otpprint.c
index b8446b44c..85904759d 100644
--- a/appl/otp/otpprint.c
+++ b/appl/otp/otpprint.c
@@ -79,7 +79,7 @@ print (int argc,
       usage (1);
   n = atoi(argv[0]);
   seed = argv[1];
-  if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
+  if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
     return 1;
   alg->init (key, pw, seed);
   for (i = 0; i < n; ++i) {
diff --git a/appl/su/su.c b/appl/su/su.c
index 6602799d3..112ebde6c 100644
--- a/appl/su/su.c
+++ b/appl/su/su.c
@@ -299,7 +299,7 @@ krb_verify(const struct passwd *login_info,
 	asprintf (&prompt, 
 		  "%s's Password: ",
 		  krb_unparse_name_long (name, instance, realm));
-	if (des_read_pw_string (password, sizeof (password), prompt, 0)) {
+	if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) {
 	    memset (password, 0, sizeof (password));
 	    free(prompt);
 	    return (1);
@@ -346,7 +346,7 @@ verify_unix(struct passwd *su)
     int r;
     if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
 	snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
-	r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
+	r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
 	if(r != 0)
 	    exit(0);
 	pw = crypt(pw_buf, su->pw_passwd);
diff --git a/kadmin/cpw.c b/kadmin/cpw.c
index 325d6451e..37f6d906a 100644
--- a/kadmin/cpw.c
+++ b/kadmin/cpw.c
@@ -107,7 +107,7 @@ set_password (krb5_principal principal, char *password)
 	krb5_unparse_name(context, principal, &princ_name);
 	asprintf(&prompt, "%s's Password: ", princ_name);
 	free (princ_name);
-	ret = des_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
+	ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
 	free (prompt);
 	if(ret){
 	    return 0; /* XXX error code? */
diff --git a/kdc/kstash.c b/kdc/kstash.c
index ba3a4a861..55922ee8e 100644
--- a/kdc/kstash.c
+++ b/kdc/kstash.c
@@ -104,7 +104,7 @@ main(int argc, char **argv)
 	    buf[n] = '\0';
 	    buf[strcspn(buf, "\r\n")] = '\0';
 	} else {
-	    if(des_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
+	    if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
 		exit(1);
 	}
 	krb5_string_to_key_salt(context, enctype, buf, salt, &key);
diff --git a/kdc/string2key.c b/kdc/string2key.c
index b45d0499a..1c1951b20 100644
--- a/kdc/string2key.c
+++ b/kdc/string2key.c
@@ -169,7 +169,7 @@ main(int argc, char **argv)
     if(argv[0])
 	password = argv[0];
     if(password == NULL){
-	if(des_read_pw_string(buf, sizeof(buf), "Password: ", 0))
+	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 0))
 	    return 1;
 	password = buf;
     }
diff --git a/kpasswd/kpasswd.c b/kpasswd/kpasswd.c
index 6f71f8cf6..57f0aa842 100644
--- a/kpasswd/kpasswd.c
+++ b/kpasswd/kpasswd.c
@@ -79,7 +79,7 @@ change_password(krb5_context context,
     if (msg == NULL)
 	krb5_errx (context, 1, "out of memory");
 
-    ret = des_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1);
+    ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1);
     free(msg);
     if (name)
 	free(name);
diff --git a/kuser/kinit.c b/kuser/kinit.c
index 85ce70a5d..79ab9fe28 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -497,7 +497,7 @@ get_new_tickets(krb5_context context,
 	asprintf (&prompt, "%s's Password: ", p);
 	free (p);
 
-	if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+	if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
 	    memset(passwd, 0, sizeof(passwd));
 	    exit(1);
 	}
diff --git a/lib/krb5/prompter_posix.c b/lib/krb5/prompter_posix.c
index 7e3e47b5d..645966e50 100644
--- a/lib/krb5/prompter_posix.c
+++ b/lib/krb5/prompter_posix.c
@@ -51,7 +51,7 @@ krb5_prompter_posix (krb5_context context,
 	fprintf (stderr, "%s\n", banner);
     for (i = 0; i < num_prompts; ++i) {
 	if (prompts[i].hidden) {
-	    if(des_read_pw_string(prompts[i].reply->data,
+	    if(UI_UTIL_read_pw_string(prompts[i].reply->data,
 				  prompts[i].reply->length,
 				  prompts[i].prompt,
 				  0))