diff --git a/lib/krb5/fast.c b/lib/krb5/fast.c
index 338c4facf..a8a664d7c 100644
--- a/lib/krb5/fast.c
+++ b/lib/krb5/fast.c
@@ -694,10 +694,14 @@ _krb5_fast_unwrap_error(krb5_context context,
     idx = 0;
     pa = krb5_find_padata(md->val, md->len, KRB5_PADATA_FX_FAST, &idx);
     if (pa == NULL) {
-	ret = KRB5_KDCREP_MODIFIED;
-	krb5_set_error_message(context, ret,
-			       N_("FAST fast response is missing FX-FAST", ""));
-	goto out;
+	/*
+	 * Typically _krb5_fast_wrap_req() has set KRB5_FAST_EXPECTED, which
+	 * means check_fast() will complain and return KRB5KRB_AP_ERR_MODIFIED.
+	 *
+	 * But for TGS-REP init_tgs_req() clears KRB5_FAST_EXPECTED and we'll
+	 * ignore a missing KRB5_PADATA_FX_FAST.
+	 */
+	return check_fast(context, state);
     }
 
     ret = unwrap_fast_rep(context, state, pa, &fastrep);