diff --git a/lib/gssapi/ntlm/accept_sec_context.c b/lib/gssapi/ntlm/accept_sec_context.c
index 86cc5fadf..a850e6254 100644
--- a/lib/gssapi/ntlm/accept_sec_context.c
+++ b/lib/gssapi/ntlm/accept_sec_context.c
@@ -186,27 +186,33 @@ _gss_ntlm_accept_sec_context
 	ret = krb5_data_copy(&ctx->sessionkey, 
 			     session.data, session.length);
 	if (ret) {	
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    _gss_ntlm_delete_sec_context(minor_status,
+					 context_handle, NULL);
 	    *minor_status = ret;
 	    return GSS_S_FAILURE;
 	}
-
-	ctx->status |= STATUS_SESSIONKEY; 
 	
-	if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
-	    _gss_ntlm_set_key(&ctx->u.v2.send, 1, (ctx->flags & NTLM_NEG_KEYEX),
-			      ctx->sessionkey.data,
-			      ctx->sessionkey.length);
-	    _gss_ntlm_set_key(&ctx->u.v2.recv, 0, (ctx->flags & NTLM_NEG_KEYEX),
-			      ctx->sessionkey.data,
-			      ctx->sessionkey.length);
-	} else {
-	    RC4_set_key(&ctx->u.v1.crypto_send.key, 
-			ctx->sessionkey.length,
-			ctx->sessionkey.data);
-	    RC4_set_key(&ctx->u.v1.crypto_recv.key, 
-			ctx->sessionkey.length,
-			ctx->sessionkey.data);
+	if (session.length != 0) {
+
+	    ctx->status |= STATUS_SESSIONKEY; 
+
+	    if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
+		_gss_ntlm_set_key(&ctx->u.v2.send, 1,
+				  (ctx->flags & NTLM_NEG_KEYEX),
+				  ctx->sessionkey.data,
+				  ctx->sessionkey.length);
+		_gss_ntlm_set_key(&ctx->u.v2.recv, 0,
+				  (ctx->flags & NTLM_NEG_KEYEX),
+				  ctx->sessionkey.data,
+				  ctx->sessionkey.length);
+	    } else {
+		RC4_set_key(&ctx->u.v1.crypto_send.key, 
+			    ctx->sessionkey.length,
+			    ctx->sessionkey.data);
+		RC4_set_key(&ctx->u.v1.crypto_recv.key, 
+			    ctx->sessionkey.length,
+			    ctx->sessionkey.data);
+	    }
 	}
 
 	if (mech_type)