In this instance I'd work with your application vendor to remove the reference to the private data structure. If there is some functionality your applications needs that we don't expose, talk to the MIT Kerberos team and see if you can work something out.