diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c
index 1308af383..20354a6d5 100644
--- a/lib/gssapi/test_context.c
+++ b/lib/gssapi/test_context.c
@@ -199,7 +199,7 @@ loop(gss_OID mechoid,
 gss_release_buffer(&min_stat, &input_token);
 gss_release_name(&min_stat, &gss_target_name);
- if (deleg_flag) {
+ if (deleg_flag || policy_deleg_flag) {
 if (server_no_deleg_flag) {
 if (*deleg_cred != GSS_C_NO_CREDENTIAL)
 errx(1, "got delegated cred but didn't expect one");
diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
index 3b27ae8a6..33f1c858c 100644
--- a/tests/gss/check-context.in
+++ b/tests/gss/check-context.in
@@ -83,6 +83,11 @@ ${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
 ${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
 ${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
+${kadmin} add -p p1 --use-defaults host/ok-delegate.test.h5l.se@${R} || exit 1
+${kadmin} mod --attributes=+ok-as-delegate host/ok-delegate.test.h5l.se@${R} || exit 1
+${kadmin} get host/ok-delegate.test.h5l.se@${R} || exit 1
+
+
 ${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
 ${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
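Review bot: Folding `policy_deleg_flag` into the `deleg_flag` condition means a policy-delegate run is checked exactly like an unconditional delegate run, and the only visible assertion that no credential was forwarded is the `server_no_deleg_flag` branch. Whether a credential is forwarded under delegation-by-policy depends on the target's ok-as-delegate attribute, which this check does not look at, so the expected outcome rests entirely on the caller passing `--server-no-delegate` when the target lacks the attribute. The rest of the `if`/`else` chain lies outside the hunk; if its other branch requires a delegated credential, as it presumably does for `deleg_flag`, a policy run against a service without ok-as-delegate could only pass by forwarding one. A comment above the condition would record the contract, e.g. `/* with --policy-delegate a credential is expected only if the target is ok-as-delegate; callers pass --server-no-delegate otherwise */`.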
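Review bot: The new `host/ok-delegate.test.h5l.se` principal is added and flagged but never extracted into `${keytab}`, unlike `host/lucid` just above it, which gets an `ext -k ${keytab}` line right after its `add`. Unless the key is extracted somewhere outside this hunk, the acceptor will have no key for that service and the ok-as-delegate case cannot establish a context. I would add `${kadmin} ext -k ${keytab} host/ok-delegate.test.h5l.se@${R} || exit 1` after the `mod` line. The `${kadmin} get` line only prints the entry; if it is meant to confirm the attribute was set, its output should be checked for ok-as-delegate, otherwise it can be dropped.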
@@ -256,6 +261,29 @@ ${context} \
 --name-type=hostbased-service host@lucid.test.h5l.se || \
 { exitcode=1 ; echo "test failed"; }
+echo "ok-as-delegate not used"
+${context} \
+ --mech-type=krb5 \
+ --policy-delegate \
+ --name-type=hostbased-service host@lucid.test.h5l.se || \
+ { exitcode=1 ; echo "test failed"; }
+
+echo "ok-as-delegate not used"
+${context} \
+ --mech-type=krb5 \
+ --policy-delegate \
+ --server-no-delegate \
+ --name-type=hostbased-service host@lucid.test.h5l.se || \
+ { exitcode=1 ; echo "test failed"; }
+
+echo "ok-as-delegate used by policy"
+${context} \
+ --mech-type=krb5 \
+ --policy-delegate \
+ --name-type=hostbased-service ok-delegate.test.h5l.se || \
+ { exitcode=1 ; echo "test failed"; }
+
+
 echo "Getting client initial tickets with --ok-as-delgate"
 ${kinit} --ok-as-delegate --forwardable \
 --password-file=${objdir}/foopassword user1@${R} || exitcode=1
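Review bot: The third case passes `--name-type=hostbased-service ok-delegate.test.h5l.se` with no `host@` prefix, while every other case in this hunk uses `host@lucid.test.h5l.se` and the principal created for it is `host/ok-delegate.test.h5l.se`. As written the name will probably not resolve to the ok-as-delegate principal, so the positive path is not what gets exercised; the line should read `--name-type=hostbased-service host@ok-delegate.test.h5l.se || \`. The first two cases also print the same label, "ok-as-delegate not used", although only the second passes `--server-no-delegate`, so the first does not assert that the credential stayed with the client, which is the property a delegation-policy test most needs to pin down. Distinct labels, e.g. `echo "ok-as-delegate not used, server expects no delegation"` on the second case, would make a failure attributable in the log.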