diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
index 0b63ee026..04b8c464b 100644
--- a/lib/krb5/ticket.c
+++ b/lib/krb5/ticket.c
@@ -539,87 +539,6 @@ check_client_referral(krb5_context context,
 krb5_const_principal mapped,
 krb5_keyblock const * key)
 {
- krb5_error_code ret;
- PA_ClientCanonicalized canon;
- krb5_crypto crypto;
- krb5_data data;
- PA_DATA *pa;
- size_t len;
- int i = 0;
-
- if (rep->kdc_rep.padata == NULL)
- goto noreferral;
-
- pa = krb5_find_padata(rep->kdc_rep.padata->val,
- rep->kdc_rep.padata->len,
- KRB5_PADATA_CLIENT_CANONICALIZED, &i);
- if (pa == NULL)
- goto noreferral;
-
- ret = decode_PA_ClientCanonicalized(pa->padata_value.data,
- pa->padata_value.length,
- &canon, &len);
- if (ret) {
- krb5_set_error_message(context, ret,
- N_("Failed to decode ClientCanonicalized "
- "from realm %s", ""), requested->realm);
- return ret;
- }
-
- ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
- &canon.names, &len, ret);
- if (ret) {
- free_PA_ClientCanonicalized(&canon);
- return ret;
- }
- if (data.length != len)
- krb5_abortx(context, "internal asn.1 error");
-
- ret = krb5_crypto_init(context, key, 0, &crypto);
- if (ret) {
- free(data.data);
- free_PA_ClientCanonicalized(&canon);
- return ret;
- }
-
- ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES,
- data.data, data.length,
- &canon.canon_checksum);
- krb5_crypto_destroy(context, crypto);
- free(data.data);
- if (ret) {
- krb5_set_error_message(context, ret,
- N_("Failed to verify client canonicalized "
- "data from realm %s", ""),
- requested->realm);
- free_PA_ClientCanonicalized(&canon);
- return ret;
- }
-
- if (!_krb5_principal_compare_PrincipalName(context,
- requested,
- &canon.names.requested_name))
- {
- free_PA_ClientCanonicalized(&canon);
- krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
- N_("Requested name doesn't match"
- " in client referral", ""));
- return KRB5_PRINC_NOMATCH;
- }
- if (!_krb5_principal_compare_PrincipalName(context,
- mapped,
- &canon.names.mapped_name))
- {
- free_PA_ClientCanonicalized(&canon);
- krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
- N_("Mapped name doesn't match"
- " in client referral", ""));
- return KRB5_PRINC_NOMATCH;
- }
-
- return 0;
-
-noreferral:
 if (krb5_principal_compare(context, requested, mapped) == FALSE &&
 !rep->enc_part.flags.enc_pa_rep)
 {