diff --git a/include/kadm5/Makefile.am b/include/kadm5/Makefile.am
index c7bb38524..19d782e13 100644
--- a/include/kadm5/Makefile.am
+++ b/include/kadm5/Makefile.am
@@ -2,4 +2,5 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h
+CLEANFILES = admin.h kadm5_err.h private.h
+CLEANFILES += kadm5-private.h kadm5-protos.h kadm5-pwcheck.h
diff --git a/kdc/kx509.c b/kdc/kx509.c
index eb757bb57..f6f8f8a3b 100644
--- a/kdc/kx509.c
+++ b/kdc/kx509.c
@@ -345,10 +345,24 @@ _kdc_do_kx509(krb5_context context,
 	ret = krb5_principal_compare(context, sprincipal, principal);
 	krb5_free_principal(context, principal);
 	if (ret != TRUE) {
+	    char *expected, *used;
+
+	    ret = krb5_unparse_name(context, sprincipal, &expected);
+	    if (ret)
+		goto out;
+	    ret = krb5_unparse_name(context, principal, &used);
+	    if (ret) {
+		krb5_xfree(expected);
+		goto out;
+	    }
+	    
 	    ret = KRB5KDC_ERR_SERVER_NOMATCH;
 	    krb5_set_error_message(context, ret,
-				   "User %s used wrong Kx509 service principal",
-				   cname);
+				   "User %s used wrong Kx509 service "
+				   "principal, expected: %s, used %s",
+				   cname, expected, used);
+	    krb5_xfree(expected);
+	    krb5_xfree(used);
 	    goto out;
 	}
     }
diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c
index 87e6fb24f..a9be31e81 100644
--- a/lib/krb5/send_to_kdc.c
+++ b/lib/krb5/send_to_kdc.c
@@ -293,7 +293,7 @@ send_via_proxy (krb5_context context,
 	    continue;
 	rk_cloexec(s);
 	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    closesocket (s);
+	    rk_closesocket (s);
 	    continue;
 	}
 	break;
@@ -311,7 +311,7 @@ send_via_proxy (krb5_context context,
     }
     ret = send_and_recv_http(s, context->kdc_timeout,
 			     prefix, send_data, receive);
-    closesocket (s);
+    rk_closesocket (s);
     free(prefix);
     if(ret == 0 && receive->length != 0)
 	return 0;
@@ -420,7 +420,7 @@ krb5_sendto (krb5_context context,
 		     continue;
 		 rk_cloexec(fd);
 		 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
-		     closesocket (fd);
+		     rk_closesocket (fd);
 		     continue;
 		 }
 		 switch (hi->proto) {
@@ -437,7 +437,7 @@ krb5_sendto (krb5_context context,
 					      send_data, receive);
 		     break;
 		 }
-		 closesocket (fd);
+		 rk_closesocket (fd);
 		 if(ret == 0 && receive->length != 0)
 		     goto out;
 	     }