diff --git a/kadmin/version4.c b/kadmin/version4.c
index b7320feae..c07ef0c4e 100644
--- a/kadmin/version4.c
+++ b/kadmin/version4.c
@@ -791,6 +791,7 @@ dispatch(krb5_context context,
 
 static void
 decode_packet(krb5_context context,
+	      krb5_keytab keytab,
 	      struct sockaddr_in *admin_addr,
 	      struct sockaddr_in *client_addr,
 	      krb5_data message,
@@ -809,6 +810,7 @@ decode_packet(krb5_context context,
     void *kadm_handle;
     krb5_principal client;
     char *client_str;
+    krb5_keytab_entry entry;
     
     if(message.length < KADM_VERSIZE
        || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
@@ -834,13 +836,16 @@ decode_packet(krb5_context context,
 	    make_you_loose_packet (KADM_NOMEM, reply);
 	    return;
 	}
-	ret = krb5_kt_read_service_key(context, 
-				       "HDB:",
-				       principal,
-				       0,
-/*				       ETYPE_DES_CBC_CRC,*/
-				       ETYPE_DES_CBC_MD5,
-				       &key);
+	ret = krb5_kt_get_entry (context, keytab, principal, 0,
+				 ETYPE_DES_CBC_MD5, &entry);
+	krb5_kt_close (context, keytab);
+	if (ret) {
+	    krb5_free_principal(context, principal);
+	    make_you_loose_packet (KADM_NO_AUTH, reply);
+	    return;
+	}
+	ret = krb5_copy_keyblock (context, &entry.keyblock,& key);
+	krb5_kt_free_entry(context, &entry);
 	krb5_free_principal(context, principal);
 	if(ret) {
 	    if(ret == KRB5_KT_NOTFOUND)
@@ -924,6 +929,7 @@ out:
 
 void
 handle_v4(krb5_context context,
+	  krb5_keytab keytab,
 	  int len,
 	  int fd)
 {
@@ -975,7 +981,7 @@ handle_v4(krb5_context context,
 		krb5_err (context, 1, errno, "krb5_net_read");
 	}
 	doing_useful_work = 1;
-	decode_packet(context, &admin_addr, &client_addr, 
+	decode_packet(context, keytab, &admin_addr, &client_addr, 
 		      message, &reply);
 	krb5_data_free(&message);
 	{