diff --git a/CHANGES b/CHANGES
index e24d008ba2a0914ee809edcd067c4d5b975637fa..0c6b474ec5f8ef4791a9a0aa0f89d97a63774416 100644
--- a/CHANGES
+++ b/CHANGES
@@ -47,6 +47,7 @@ OpenLDAP 2.4.17 Engineering
 	Fixed slapo-rwm entry free (ITS#6058)
 	Fixed slapo-rwm entry release (ITS#6081)
 	Fixed slapo-translucent entry gathering (ITS#6156)
+	Fixed contrib/smbk5pwd use of private functions (ITS#5535)
 	Build Environment
 		Added test056-monitor (ITS#5540)
 		Added test057-memberof-refint (ITS#5395)
diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
index 01e1b3b6ee19e8ce3d4cc0a65be692f2c949f41d..0909348137801905bbe24922e6076528cec8ad5a 100644
--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
@@ -421,6 +421,7 @@ static int smbk5pwd_exop_passwd(
 		krb5_error_code ret;
 		hdb_entry ent;
 		struct berval *keys;
+		size_t nkeys;
 		int kvno, i;
 		Attribute *a;
 
@@ -451,7 +452,9 @@ static int smbk5pwd_exop_passwd(
 				op->o_log_prefix, e->e_name.bv_val, 0 );
 		}
 
-		ret = _kadm5_set_keys(kadm_context, &ent, qpw->rs_new.bv_val);
+		ret = hdb_generate_key_set_password(context, ent.principal,
+			qpw->rs_new.bv_val, &ent.keys.val, &nkeys);
+		ent.keys.len = nkeys;
 		hdb_seal_keys(context, db, &ent);
 		krb5_free_principal( context, ent.principal );
 
@@ -470,7 +473,7 @@ static int smbk5pwd_exop_passwd(
 		}
 		BER_BVZERO( &keys[i] );
 
-		_kadm5_free_keys(kadm_context, ent.keys.len, ent.keys.val);
+		hdb_free_keys(context, ent.keys.len, ent.keys.val);
 
 		if ( i != ent.keys.len ) {
 			ber_bvarray_free( keys );