diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix
index d151385d2f9..e2c45ed64ac 100644
--- a/nixos/modules/services/system/kerberos.nix
+++ b/nixos/modules/services/system/kerberos.nix
@@ -42,7 +42,7 @@ in
         protocol = "tcp";
         user = "root";
         server = "${pkgs.tcp_wrappers}/bin/tcpd";
-        serverArgs = "${pkgs.heimdalFull}/bin/kadmind";
+        serverArgs = "${pkgs.heimdalFull}/libexec/heimdal/kadmind";
       };
 
     systemd.services.kdc = {
@@ -51,13 +51,13 @@ in
       preStart = ''
         mkdir -m 0755 -p ${stateDir}
       '';
-      script = "${heimdalFull}/bin/kdc";
+      script = "${heimdalFull}/libexec/heimdal/kdc";
     };
 
     systemd.services.kpasswdd = {
       description = "Kerberos Password Changing daemon";
       wantedBy = [ "multi-user.target" ];
-      script = "${heimdalFull}/bin/kpasswdd";
+      script = "${heimdalFull}/libexec/heimdal/kpasswdd";
     };
   };
 
diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix
index 24adb2a141e..5b92458d89e 100644
--- a/pkgs/development/libraries/kerberos/heimdal.nix
+++ b/pkgs/development/libraries/kerberos/heimdal.nix
@@ -2,16 +2,11 @@
 , texinfo, perlPackages
 , openldap, libcap_ng, sqlite, openssl, db, libedit, pam
 , CoreFoundation, Security, SystemConfiguration
-# Extra Args
-, type ? ""
 }:
 
-let
-  libOnly = type == "lib";
-in
 with stdenv.lib;
 stdenv.mkDerivation rec {
-  name = "${type}heimdal-${version}";
+  name = "heimdal-${version}";
   version = "7.5.0";
 
   src = fetchFromGitHub {
@@ -21,28 +16,31 @@ stdenv.mkDerivation rec {
     sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d";
   };
 
+  outputs = [ "out" "dev" "man" "info" ];
+
   patches = [ ./heimdal-make-missing-headers.patch ];
 
-  nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ]
-    ++ (with perlPackages; [ JSON ])
-    ++ optional (!libOnly) texinfo;
+  nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex texinfo ]
+    ++ (with perlPackages; [ JSON ]);
   buildInputs = optionals (stdenv.isLinux) [ libcap_ng ]
-    ++ [ db sqlite openssl libedit ]
-    ++ optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]
-    ++ optionals (!libOnly) [ openldap pam ];
+    ++ [ db sqlite openssl libedit openldap pam]
+    ++ optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ];
 
   ## ugly, X should be made an option
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
+    "--infodir=$info/share/info"
     "--enable-hdb-openldap-module"
     "--with-sqlite3=${sqlite.dev}"
-    "--with-libedit=${libedit}"
+
+  # ugly, --with-libedit is not enought, it fall back to bundled libedit
+    "--with-libedit-include=${libedit.dev}/include"
+    "--with-libedit-lib=${libedit}/lib"
     "--with-openssl=${openssl.dev}"
     "--without-x"
     "--with-berkeley-db"
     "--with-berkeley-db-include=${db.dev}/include"
-  ] ++ optionals (!libOnly) [
     "--with-openldap=${openldap.dev}"
   ] ++ optionals (stdenv.isLinux) [
     "--with-capng"
@@ -50,24 +48,17 @@ stdenv.mkDerivation rec {
 
   postUnpack = ''
     sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common
+    sed -i -e 's/date/date --date="@$SOURCE_DATE_EPOCH"/' source/configure.ac 
   '';
 
-  buildPhase = optionalString libOnly ''
-    (cd include; make -j $NIX_BUILD_CORES)
-    (cd lib; make -j $NIX_BUILD_CORES)
-    (cd tools; make -j $NIX_BUILD_CORES)
-    (cd include/hcrypto; make -j $NIX_BUILD_CORES)
-    (cd lib/hcrypto; make -j $NIX_BUILD_CORES)
-  '';
-
-  installPhase = optionalString libOnly ''
-    (cd include; make -j $NIX_BUILD_CORES install)
-    (cd lib; make -j $NIX_BUILD_CORES install)
-    (cd tools; make -j $NIX_BUILD_CORES install)
-    (cd include/hcrypto; make -j $NIX_BUILD_CORES install)
-    (cd lib/hcrypto; make -j $NIX_BUILD_CORES install)
-    rm -rf $out/{libexec,sbin,share}
-    find $out/bin -type f | grep -v 'krb5-config' | xargs rm
+  preConfigure = ''
+    configureFlagsArray+=(
+      "--bindir=$out/bin"
+      "--sbindir=$out/sbin"
+      "--libexecdir=$out/libexec/heimdal"
+      "--mandir=$man/share/man"
+      "--infodir=$man/share/info"
+      "--includedir=$dev/include")
   '';
 
   # We need to build hcrypt for applications like samba
@@ -81,9 +72,15 @@ stdenv.mkDerivation rec {
     (cd include/hcrypto; make -j $NIX_BUILD_CORES install)
     (cd lib/hcrypto; make -j $NIX_BUILD_CORES install)
 
-    # Doesn't succeed with --libexec=$out/sbin, so
-    mv "$out/libexec/"* $out/sbin/
-    rmdir $out/libexec
+    # Do we need it?
+    rm $out/bin/su
+
+    mkdir -p $dev/bin
+    mv $out/bin/krb5-config $dev/bin/
+
+    # asn1 compilers, move them to $dev
+    mv $out/libexec/heimdal/heimdal/* $dev/bin
+    rmdir $out/libexec/heimdal/heimdal
   '';
 
   # Issues with hydra
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f563f0dfe24..e3d59a5e6a9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9841,7 +9841,7 @@ with pkgs;
   heimdal = callPackage ../development/libraries/kerberos/heimdal.nix {
     inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
   };
-  libheimdal = heimdal.override { type = "lib"; };
+  libheimdal = heimdal;
 
   harfbuzz = callPackage ../development/libraries/harfbuzz {
     inherit (darwin.apple_sdk.frameworks) ApplicationServices CoreText;