diff --git a/kadmin/init.c b/kadmin/init.c
index ede740d4a..18afbb04c 100644
--- a/kadmin/init.c
+++ b/kadmin/init.c
@@ -37,11 +37,14 @@
 #include "kadmin-commands.h"
 #include
+#define CRE_DUP_OK 1
+
 static kadm5_ret_t
 create_random_entry(krb5_principal princ,
 unsigned max_life,
 unsigned max_rlife,
- uint32_t attributes)
+ uint32_t attributes,
+ unsigned flags)
 {
 kadm5_principal_ent_rec ent;
 kadm5_ret_t ret;
@@ -78,6 +81,8 @@ create_random_entry(krb5_principal princ,
 /* Create the entry with a random password */
 ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
 if(ret) {
+ if (ret == KADM5_DUP && (flags & CRE_DUP_OK))
+ goto out;
 krb5_warn(context, ret, "create_random_entry(%s): randkey failed",
 name);
 goto out;
@@ -177,7 +182,7 @@ init(struct init_options *opt, int argc, char **argv)
 if(ret)
 return 0;
- create_random_entry(princ, max_life, max_rlife, 0);
+ create_random_entry(princ, max_life, max_rlife, 0, 0);
 krb5_free_principal(context, princ);
 if (opt->bare_flag)
@@ -198,13 +203,14 @@ init(struct init_options *opt, int argc, char **argv)
 KRB5_KDB_DISALLOW_POSTDATED|
 KRB5_KDB_DISALLOW_RENEWABLE|
 KRB5_KDB_DISALLOW_PROXIABLE|
- KRB5_KDB_REQUIRES_PRE_AUTH);
+ KRB5_KDB_REQUIRES_PRE_AUTH,
+ 0);
 krb5_free_principal(context, princ);
 /* Create `kadmin/admin' */
 krb5_make_principal(context, &princ, realm,
 "kadmin", "admin", NULL);
- create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
+ create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH, 0);
 krb5_free_principal(context, princ);
 /* Create `changepw/kerberos' (for v4 compat) */
@@ -212,7 +218,7 @@ init(struct init_options *opt, int argc, char **argv)
 "changepw", "kerberos", NULL);
 create_random_entry(princ, 60*60, 60*60,
 KRB5_KDB_DISALLOW_TGT_BASED|
- KRB5_KDB_PWCHANGE_SERVICE);
+ KRB5_KDB_PWCHANGE_SERVICE, 0);
 krb5_free_principal(context, princ);
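Review bot: The new `flags` argument and `CRE_DUP_OK` (hunk `@@ -37,11 +37,14 @@`) are introduced without a comment, so a reader of the signature cannot tell what a caller opts into by passing the bit. A comment above the define such as `/* CRE_DUP_OK: an already existing principal is not reported as an error */` would state the contract. Since the parameter is `unsigned`, writing the constant as `1U` keeps the mask test free of signed/unsigned mixing. The function body continues outside the hunk.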
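Review bot: When `kadm5_create_principal()` returns `KADM5_DUP` and `CRE_DUP_OK` is set (hunk `@@ -78,6 +81,8 @@`), the code jumps to `out` without reading the entry already in the database, so the attributes the caller asked for are never compared with what is stored. For the one caller that passes the flag, an existing principal lacking `KRB5_KDB_DISALLOW_ALL_TIX` or `KRB5_KDB_REQUIRES_PRE_AUTH`, or one that still has a non-random key, would be accepted without any message. Consider fetching the existing entry on this path and warning when its attributes differ from `attributes`; at minimum the branch should carry a comment such as `/* existing entry is kept as is; its attributes and key are not checked */`. `ret` also still holds `KADM5_DUP` at the jump, so if the code at `out` (outside the hunk) returns `ret`, adding `ret = 0;` before the `goto` would make the result match the intent.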
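Review bot: The result of `create_random_entry()` is discarded at `create_random_entry(princ, max_life, max_rlife, 0, 0);` (hunk `@@ -177,7 +182,7 @@`) and at every other call touched by this commit (hunks `@@ -198,13 +203,14 @@`, `@@ -212,7 +218,7 @@`, `@@ -221,14 +227,14 @@`, `@@ -238,7 +244,7 @@`), so `init` carries on after a principal could not be created. A realm initialised without one of these service principals is then signalled only by the warning printed inside the helper. Since the signature is being changed anyway, the calls could check the result, e.g. `ret = create_random_entry(princ, max_life, max_rlife, 0, 0);` followed by a failure path that still frees `princ`. `init` starts and ends outside these hunks, so how errors are otherwise reported there is not visible.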
@@ -221,14 +227,14 @@ init(struct init_options *opt, int argc, char **argv)
 "kadmin", "hprop", NULL);
 create_random_entry(princ, 60*60, 60*60,
 KRB5_KDB_REQUIRES_PRE_AUTH|
- KRB5_KDB_DISALLOW_TGT_BASED);
+ KRB5_KDB_DISALLOW_TGT_BASED, 0);
 krb5_free_principal(context, princ);
 /* Create `WELLKNOWN/ANONYMOUS' for anonymous as-req */
 krb5_make_principal(context, &princ, realm,
 KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, NULL);
 create_random_entry(princ, 60*60, 60*60,
- KRB5_KDB_REQUIRES_PRE_AUTH);
+ KRB5_KDB_REQUIRES_PRE_AUTH, 0);
 krb5_free_principal(context, princ);
@@ -238,7 +244,7 @@ init(struct init_options *opt, int argc, char **argv)
 create_random_entry(princ, 60*60, 60*60,
 KRB5_KDB_REQUIRES_PRE_AUTH|
 KRB5_KDB_DISALLOW_TGT_BASED|
 - KRB5_KDB_DISALLOW_ALL_TIX);
+ KRB5_KDB_DISALLOW_ALL_TIX, CRE_DUP_OK);
 krb5_free_principal(context, princ);
 /* Create `default' */
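Review bot: The call that passes `CRE_DUP_OK` (hunk `@@ -238,7 +244,7 @@`) gives no reason why a duplicate is acceptable for this principal and not for the others. The comment and `krb5_make_principal` call that name the principal are above the hunk, so the reason cannot be read from here. A line such as `/* this principal may already exist, so KADM5_DUP is tolerated */` next to the call, with the actual reason filled in, would keep the exception from being copied to other calls without thought.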