diff --git a/lib/kadm5/libkadm5srv-exports.def b/lib/kadm5/libkadm5srv-exports.def
index 50b03cfa7..dca88da2d 100644
--- a/lib/kadm5/libkadm5srv-exports.def
+++ b/lib/kadm5/libkadm5srv-exports.def
@@ -2,6 +2,7 @@ EXPORTS
 ;!	kadm5_ad_init_with_password
 ;!	kadm5_ad_init_with_password_ctx
 	kadm5_add_passwd_quality_verifier
+	kadm5_all_keys_are_bogus
 	kadm5_check_password_quality
 	kadm5_chpass_principal
 	kadm5_chpass_principal_3
@@ -43,6 +44,7 @@ EXPORTS
         kadm5_setkey_principal
         kadm5_setkey_principal_3
 	kadm5_setup_passwd_quality_check
+	kadm5_some_keys_are_bogus
 	kadm5_store_key_data
 	kadm5_store_principal_ent
 	kadm5_store_principal_ent_mask
diff --git a/lib/kadm5/marshall.c b/lib/kadm5/marshall.c
index 4a726dbaf..250b2def9 100644
--- a/lib/kadm5/marshall.c
+++ b/lib/kadm5/marshall.c
@@ -35,6 +35,39 @@
 
 RCSID("$Id$");
 
+int
+kadm5_some_keys_are_bogus(size_t n_keys, krb5_key_data *keys)
+{
+    size_t i;
+
+    for (i = 0; i < n_keys; i++) {
+	krb5_key_data *key = &keys[i];
+	if (key->key_data_length[0] == sizeof(KADM5_BOGUS_KEY_DATA) - 1 &&
+	    ct_memcmp(key->key_data_contents[1], KADM5_BOGUS_KEY_DATA,
+		      key->key_data_length[0]) == 0)
+	    return 1;
+    }
+    return 0;
+}
+
+int
+kadm5_all_keys_are_bogus(size_t n_keys, krb5_key_data *keys)
+{
+    size_t i;
+
+    if (n_keys == 0)
+	return 0;
+
+    for (i = 0; i < n_keys; i++) {
+	krb5_key_data *key = &keys[i];
+	if (key->key_data_length[0] != sizeof(KADM5_BOGUS_KEY_DATA) - 1 ||
+	    ct_memcmp(key->key_data_contents[1], KADM5_BOGUS_KEY_DATA,
+		      key->key_data_length[0]) != 0)
+	    return 0;
+    }
+    return 1;
+}
+
 kadm5_ret_t
 kadm5_store_key_data(krb5_storage *sp,
 		     krb5_key_data *key)
diff --git a/lib/kadm5/version-script-client.map b/lib/kadm5/version-script-client.map
index 4cfb0798c..de0ed6749 100644
--- a/lib/kadm5/version-script-client.map
+++ b/lib/kadm5/version-script-client.map
@@ -5,6 +5,7 @@ HEIMDAL_KADM5_CLIENT_1.0 {
 		initialize_kadm5_error_table_r;
 		kadm5_ad_init_with_password;
 		kadm5_ad_init_with_password_ctx;
+		kadm5_all_keys_are_bogus;
 		kadm5_c_chpass_principal;
 		kadm5_c_chpass_principal_with_key;
 		kadm5_c_create_principal;
@@ -48,6 +49,7 @@ HEIMDAL_KADM5_CLIENT_1.0 {
 		kadm5_ret_principal_ent;
 		kadm5_ret_principal_ent_mask;
 		kadm5_ret_tl_data;
+		kadm5_some_keys_are_bogus;
 		kadm5_store_key_data;
 		kadm5_store_principal_ent;
 		kadm5_store_principal_ent_mask;
diff --git a/lib/kadm5/version-script.map b/lib/kadm5/version-script.map
index 9bf751d87..fa8749bff 100644
--- a/lib/kadm5/version-script.map
+++ b/lib/kadm5/version-script.map
@@ -4,6 +4,7 @@ HEIMDAL_KAMD5_SERVER_1.0 {
 	global:
 		kadm5_ad_init_with_password;
 		kadm5_ad_init_with_password_ctx;
+		kadm5_all_keys_are_bogus;
 		kadm5_add_passwd_quality_verifier;
 		kadm5_check_password_quality;
 		kadm5_chpass_principal;
@@ -46,6 +47,7 @@ HEIMDAL_KAMD5_SERVER_1.0 {
 		kadm5_setup_passwd_quality_check;
 		kadm5_setkey_principal;
 		kadm5_setkey_principal_3;
+		kadm5_some_keys_are_bogus;
 		kadm5_store_key_data;
 		kadm5_store_principal_ent;
 		kadm5_store_principal_ent_mask;