diff --git a/wine-4.4/dlls/kerberos/krb5_ap.c b/wine-4.4/dlls/kerberos/krb5_ap.c
index 3827e5c..6949dc7 100644
--- a/wine-4.4/dlls/kerberos/krb5_ap.c
+++ b/wine-4.4/dlls/kerberos/krb5_ap.c
@@ -87,6 +87,9 @@ static ULONG kerberos_package_id;
 static LSA_DISPATCH_TABLE lsa_dispatch;
 
 #ifdef SONAME_LIBKRB5
+#ifdef __NetBSD__
+#define HEIMDAL
+#endif
 
 static void *libkrb5_handle;
 
@@ -101,7 +104,13 @@ MAKE_FUNCPTR(krb5_cc_store_cred);
 MAKE_FUNCPTR(krb5_cccol_cursor_free);
 MAKE_FUNCPTR(krb5_cccol_cursor_new);
 MAKE_FUNCPTR(krb5_cccol_cursor_next);
+#ifndef HEIMDAL
 MAKE_FUNCPTR(krb5_decode_ticket);
+#define p_krb5_creds_get_ticket_flags(creds) (creds)->ticket_flags
+#else
+MAKE_FUNCPTR(krb5_keyblock_get_enctype);
+MAKE_FUNCPTR(krb5_creds_get_ticket_flags);
+#endif
 MAKE_FUNCPTR(krb5_free_context);
 MAKE_FUNCPTR(krb5_free_cred_contents);
 MAKE_FUNCPTR(krb5_free_principal);
@@ -109,7 +118,9 @@ MAKE_FUNCPTR(krb5_free_ticket);
 MAKE_FUNCPTR(krb5_free_unparsed_name);
 MAKE_FUNCPTR(krb5_get_init_creds_opt_alloc);
 MAKE_FUNCPTR(krb5_get_init_creds_opt_free);
+#ifndef HEIMDAL
 MAKE_FUNCPTR(krb5_get_init_creds_opt_set_out_ccache);
+#endif
 MAKE_FUNCPTR(krb5_get_init_creds_password);
 MAKE_FUNCPTR(krb5_init_context);
 MAKE_FUNCPTR(krb5_is_config_principal);
@@ -142,7 +153,12 @@ static void load_krb5(void)
     LOAD_FUNCPTR(krb5_cccol_cursor_free)
     LOAD_FUNCPTR(krb5_cccol_cursor_new)
     LOAD_FUNCPTR(krb5_cccol_cursor_next)
+#ifndef HEIMDAL
     LOAD_FUNCPTR(krb5_decode_ticket)
+#else
+    LOAD_FUNCPTR(krb5_keyblock_get_enctype);
+    LOAD_FUNCPTR(krb5_creds_get_ticket_flags);
+#endif
     LOAD_FUNCPTR(krb5_free_context)
     LOAD_FUNCPTR(krb5_free_cred_contents)
     LOAD_FUNCPTR(krb5_free_principal)
@@ -150,7 +166,9 @@ static void load_krb5(void)
     LOAD_FUNCPTR(krb5_free_unparsed_name)
     LOAD_FUNCPTR(krb5_get_init_creds_opt_alloc)
     LOAD_FUNCPTR(krb5_get_init_creds_opt_free)
+#ifndef HEIMDAL
     LOAD_FUNCPTR(krb5_get_init_creds_opt_set_out_ccache)
+#endif
     LOAD_FUNCPTR(krb5_get_init_creds_password)
     LOAD_FUNCPTR(krb5_init_context)
     LOAD_FUNCPTR(krb5_is_config_principal)
@@ -252,13 +270,30 @@ static WCHAR *utf8_to_wstr(const char *utf8)
     return wstr;
 }
 
+static krb5_error_code get_enctype(krb5_creds *credentials, LONG *enctype)
+{
+#ifndef HEIMDAL
+	krb5_ticket *ticket;
+	krb5_error_code error;
+
+	error = p_krb5_decode_ticket(&credentials->ticket, &ticket);
+	if (error)
+		return error;
+
+	*enctype = ticket->enc_part.enctype;
+        p_krb5_free_ticket(context, ticket);
+#else
+        *enctype = p_krb5_keyblock_get_enctype(&credentials->session);
+#endif
+	return 0;
+}
+
 static NTSTATUS copy_tickets_from_cache(krb5_context context, krb5_ccache cache, struct ticket_info *info)
 {
     NTSTATUS status;
     krb5_cc_cursor cursor;
     krb5_error_code error;
     krb5_creds credentials;
-    krb5_ticket *ticket;
     char *name_with_realm, *name_without_realm, *realm_name;
     WCHAR *realm_nameW, *name_without_realmW;
 
@@ -356,9 +391,11 @@ static NTSTATUS copy_tickets_from_cache(krb5_context context, krb5_ccache cache,
         RtlSecondsSince1970ToTime(credentials.times.endtime, &info->info[info->count].EndTime);
         RtlSecondsSince1970ToTime(credentials.times.renew_till, &info->info[info->count].RenewTime);
 
-        info->info[info->count].TicketFlags = credentials.ticket_flags;
+        info->info[info->count].TicketFlags =
+	    p_krb5_creds_get_ticket_flags(&credentials);
 
-        error = p_krb5_decode_ticket(&credentials.ticket, &ticket);
+	error = get_enctype(&credentials, 
+	    &info->info[info->count].EncryptionType);
 
         p_krb5_free_unparsed_name(context, name_with_realm);
         p_krb5_free_unparsed_name(context, name_without_realm);
@@ -370,10 +407,6 @@ static NTSTATUS copy_tickets_from_cache(krb5_context context, krb5_ccache cache,
             break;
         }
 
-        info->info[info->count].EncryptionType = ticket->enc_part.enctype;
-
-        p_krb5_free_ticket(context, ticket);
-
         info->count++;
     }
 
@@ -905,7 +938,9 @@ static NTSTATUS init_creds( const SEC_WINNT_AUTH_IDENTITY_W *id )
     if ((err = p_krb5_parse_name_flags( ctx, user_at_domain, 0, &principal ))) goto done;
     if ((err = p_krb5_cc_default( ctx, &cache ))) goto done;
     if ((err = p_krb5_get_init_creds_opt_alloc( ctx, &options ))) goto done;
+#ifndef HEIMDAL
     if ((err = p_krb5_get_init_creds_opt_set_out_ccache( ctx, options, cache ))) goto done;
+#endif
     if ((err = p_krb5_get_init_creds_password( ctx, &creds, principal, password, 0, NULL, 0, NULL, 0 ))) goto done;
     if ((err = p_krb5_cc_initialize( ctx, cache, principal ))) goto done;
     if ((err = p_krb5_cc_store_cred( ctx, cache, &creds ))) goto done;
@@ -916,7 +951,9 @@ static NTSTATUS init_creds( const SEC_WINNT_AUTH_IDENTITY_W *id )
 done:
     if (cache) p_krb5_cc_close( ctx, cache );
     if (principal) p_krb5_free_principal( ctx, principal );
+#ifndef HEIMDAL
     if (options) p_krb5_get_init_creds_opt_free( ctx, options );
+#endif
     p_krb5_free_context( ctx );
     heap_free( user_at_domain );
     heap_free( password );