diff --git a/Krb5-1.9-nopriv.patch b/Krb5-1.9-nopriv.patch
new file mode 100644
index 0000000..6b76036
--- /dev/null
+++ b/Krb5-1.9-nopriv.patch
@@ -0,0 +1,55 @@
+diff --git a/Krb5.xs b/Krb5.xs
+index 478422e..2591b83 100644
+--- a/Krb5.xs
++++ b/Krb5.xs
+@@ -5,8 +5,6 @@ extern "C" {
+ #include "perl.h"
+ #include "XSUB.h"
+ 
+-/* We currently provide some private functions and probably shouldn't. */
+-#define KRB5_PRIVATE 1
+ #include <krb5.h>
+ 
+ /* Recent versions of Kerberos include com_err on their own.  Uncomment if you
+@@ -46,14 +44,6 @@ static krb5_error_code err;
+ static krb5_keytab_entry keytab_entry_init;
+ 
+ /*
+- * These are internal Kerberos library functions that aren't prototyped and
+- * that we probably shouldn't be calling.  Prototype them with the arguments
+- * we expect and leave them for now pending an API cleanup.
+- */
+-krb5_error_code krb5_free_krbhst(krb5_context, char * const *);
+-krb5_error_code krb5_get_krbhst(krb5_context, const krb5_data *, char ***);
+-
+-/*
+  * The following three routines implement a "safehouse" for nested Kerberos
+  * data structures which shouldn't be freed before their parent data
+  * structures are freed.  Without this, "Bad free() ignored" errors as well
+@@ -176,26 +166,6 @@ krb5_get_host_realm(host)
+ 	}
+ 	krb5_free_host_realm(context,realmlist);
+ 
+-void
+-krb5_get_krbhst(realm)
+-	char *realm
+-
+-	PREINIT:
+-	krb5_data realm_data;
+-	char **hostlist;
+-	int i;
+-
+-	PPCODE:
+-	realm_data.data = realm;
+-	realm_data.length = strlen(realm);
+-	err = krb5_get_krbhst(context,&realm_data,&hostlist);
+-	if (err || !hostlist) XSRETURN_UNDEF;
+-	for (i = 0; hostlist[i]; i++) {
+-		XPUSHs(sv_2mortal(newSVpv(hostlist[i],
+-			strlen(hostlist[i]))));
+-	}
+-	krb5_free_krbhst(context,hostlist);
+-
+ Authen::Krb5::Principal
+ krb5_build_principal_ext(p)
+ 	Authen::Krb5::Principal p