diff --git a/lib/krb5/rd_priv.c b/lib/krb5/rd_priv.c
index c6c31de69..aa95a47e2 100644
--- a/lib/krb5/rd_priv.c
+++ b/lib/krb5/rd_priv.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -126,14 +126,19 @@ krb5_rd_priv(krb5_context context,
 
   /* XXX - check replay cache */
 
-  /* check sequence number */
+  /* check sequence number. since MIT krb5 cannot generate a sequence
+     number of zero but instead generates no sequence number, we accept that
+  */
+
   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-    if (part.seq_number == NULL ||
-	*part.seq_number != auth_context->remote_seqnumber) {
-      ret = KRB5KRB_AP_ERR_BADORDER;
-      goto failure_part;
-    }
-    auth_context->remote_seqnumber++;
+      if ((part.seq_number == NULL
+	   && auth_context->remote_seqnumber != 0)
+	  || (part.seq_number != NULL
+	      && *part.seq_number != auth_context->remote_seqnumber)) {
+	  ret = KRB5KRB_AP_ERR_BADORDER;
+	  goto failure_part;
+      }
+      auth_context->remote_seqnumber++;
   }
 
   ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);