diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index a51f18da0df..9f2d04d8dbc 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -230,9 +230,15 @@ static int mit_samba_update_pac_data(struct mit_samba_context *ctx,
 	NTSTATUS nt_status;
 	krb5_pac pac = NULL;
 	int ret;
+	struct samba_kdc_entry *skdc_entry = NULL;
+
+	if (client) {
+		skdc_entry = talloc_get_type_abort(client->ctx,
+						   struct samba_kdc_entry);
+	}
 
 	/* The user account may be set not to want the PAC */
-    	if (client && !samba_princ_needs_pac(client)) {
+	if (client && !samba_princ_needs_pac(skdc_entry)) {
 		return EINVAL;
 	}
 
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 1558d2185f3..e51dbad6fc0 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -135,15 +135,13 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
 	return ret;
 }
 
-bool samba_princ_needs_pac(struct hdb_entry_ex *princ)
+bool samba_princ_needs_pac(struct samba_kdc_entry *skdc_entry)
 {
 
-	struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct samba_kdc_entry);
 	uint32_t userAccountControl;
 
-
 	/* The service account may be set not to want the PAC */
-	userAccountControl = ldb_msg_find_attr_as_uint(p->msg, "userAccountControl", 0);
+	userAccountControl = ldb_msg_find_attr_as_uint(skdc_entry->msg, "userAccountControl", 0);
 	if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
 		return false;
 	}
@@ -231,7 +229,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
 	NTSTATUS nt_status;
 
 	/* The user account may be set not to want the PAC */
-	if ( ! samba_princ_needs_pac(client)) {
+	if ( ! samba_princ_needs_pac(p)) {
 		*_pac_blob = NULL;
 		return NT_STATUS_OK;
 	}
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index 0e1cdcd2f25..cc37f2ae5be 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -26,7 +26,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
 				    DATA_BLOB *deleg_blob,
 				    krb5_pac *pac);
 
-bool samba_princ_needs_pac(struct hdb_entry_ex *princ);
+bool samba_princ_needs_pac(struct samba_kdc_entry *skdc_entry);
 
 int samba_krbtgt_is_in_db(struct hdb_entry_ex *princ, bool *is_in_db, bool *is_untrusted);
 
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 2f4945c312c..50a37fcdb1a 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -77,7 +77,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
 	}
 
 	/* The user account may be set not to want the PAC */
-	if (!samba_princ_needs_pac(server)) {
+	if (!samba_princ_needs_pac(p)) {
 		talloc_free(mem_ctx);
 		return EINVAL;
 	}