diff --git a/lib/krb5/mk_priv.c b/lib/krb5/mk_priv.c
index 89664188c..7005162a4 100644
--- a/lib/krb5/mk_priv.c
+++ b/lib/krb5/mk_priv.c
@@ -14,13 +14,9 @@ krb5_mk_priv(krb5_context context,
   EncKrbPrivPart part;
   struct timeval tv;
   unsigned usec;
-  krb5_addresses addr;
   u_char buf[1024];
   size_t len;
-
-  r = krb5_get_all_client_addrs (&addr);
-  if (r)
-    return r;
+  unsigned tmp_seq;
 
   part.user_data = *userdata;
   gettimeofday (&tv, NULL);
@@ -28,16 +24,16 @@ krb5_mk_priv(krb5_context context,
   part.timestamp  = &tv.tv_sec;
   part.usec       = &usec;
   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-    part.seq_number = malloc(sizeof(*part.seq_number));
-    *(part.seq_number) = ++auth_context->local_seqnumber;
-  } else 
+    tmp_seq = ++auth_context->local_seqnumber;
+    part.seq_number = &tmp_seq;
+  } else {
     part.seq_number = NULL;
-  part.s_address.addr_type = addr.val[0].addr_type;
-  part.s_address.address   = addr.val[0].address;
-  part.r_address = NULL;
+  }
+
+  part.s_address = auth_context->local_address;
+  part.r_address = auth_context->remote_address;
 
   r = encode_EncKrbPrivPart (buf + sizeof(buf) - 1, sizeof(buf), &part, &len);
-  free (part.seq_number);
   if (r)
       return r;
 
diff --git a/lib/krb5/mk_safe.c b/lib/krb5/mk_safe.c
index ce9590870..7df82789c 100644
--- a/lib/krb5/mk_safe.c
+++ b/lib/krb5/mk_safe.c
@@ -13,22 +13,18 @@ krb5_mk_safe(krb5_context context,
   KRB_SAFE s;
   struct timeval tv;
   unsigned usec;
-  krb5_addresses addr;
   u_char buf[1024];
   size_t len;
+  unsigned tmp_seq;
 
   r = krb5_create_checksum (context,
-			    CKSUMTYPE_RSA_MD4,
+			    auth_context->cksumtype,
 			    userdata->data,
 			    userdata->length,
 			    &s.cksum);
   if (r)
     return r;
 
-  r = krb5_get_all_client_addrs (&addr);
-  if (r)
-    return r;
-
   s.pvno = 5;
   s.msg_type = krb_safe;
   s.safe_body.user_data = *userdata;
@@ -37,15 +33,15 @@ krb5_mk_safe(krb5_context context,
   s.safe_body.timestamp  = &tv.tv_sec;
   s.safe_body.usec       = &usec;
   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-    s.safe_body.seq_number = malloc(sizeof(*s.safe_body.seq_number));
-    *(s.safe_body.seq_number) = ++auth_context->local_seqnumber;
+      tmp_seq = ++auth_context->local_seqnumber;
+      s.safe_body.seq_number = &tmp_seq;
   } else 
-    s.safe_body.seq_number = NULL;
-  s.safe_body.s_address = addr.val[0];
-  s.safe_body.r_address = NULL;
+      s.safe_body.seq_number = NULL;
+
+  s.safe_body.s_address = auth_context->local_address;
+  s.safe_body.r_address = auth_context->remote_address;
 
   r = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
-  free(s.safe_body.seq_number);
   if (r)
     return r;
   outbuf->length = len;