diff --git a/libexec/ftpd/extern.h b/libexec/ftpd/extern.h
index ff1cdfbf8589..bdfed868d8bb 100644
--- a/libexec/ftpd/extern.h
+++ b/libexec/ftpd/extern.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)extern.h	8.2 (Berkeley) 4/4/94
- *	$Id$
+ *	$Id: extern.h,v 1.4 1996/09/22 21:53:21 wosch Exp $
  */
 
 void	blkfree __P((char **));
@@ -68,5 +68,5 @@ void	user __P((char *));
 void	yyerror __P((char *));
 int	yyparse __P((void));
 #if defined(SKEY) && defined(_PWD_H_) /* XXX evil */
-char   *skey_challenge __P((char *, struct passwd *, int));
+char   *skey_challenge __P((char *, struct passwd *, int, int *));
 #endif
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 58378db9b340..42f49b0ecfd1 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: ftpd.c,v 1.22 1996/08/09 09:02:26 markm Exp $
+ *	$Id: ftpd.c,v 1.23 1996/08/09 22:22:30 julian Exp $
  */
 
 #if 0
@@ -182,6 +182,7 @@ char	proctitle[LINE_MAX];	/* initial part of title */
 
 #ifdef SKEY
 int	pwok = 0;
+int     sflag;
 char	addr_string[20];	/* XXX */
 #endif
 
@@ -627,7 +628,17 @@ user(name)
 		strncpy(curname, name, sizeof(curname)-1);
 #ifdef SKEY
 	pwok = skeyaccess(name, NULL, remotehost, addr_string);
-	reply(331, "%s", skey_challenge(name, pw, pwok));
+	cp = skey_challenge(name, pw, pwok, &sflag);
+	if (!pwok && sflag) {
+		reply(530, cp);
+		if (logging)
+			syslog(LOG_NOTICE,
+			    "FTP LOGIN REFUSED FROM %s, %s",
+			    remotehost, name);
+		pw = (struct passwd *) NULL;
+		return;
+	}
+	reply(331, cp);
 #else
 	reply(331, "Password required for %s.", name);
 #endif
diff --git a/libexec/ftpd/skey-stuff.c b/libexec/ftpd/skey-stuff.c
index 8dedc18e6f1c..06a227d7db3a 100644
--- a/libexec/ftpd/skey-stuff.c
+++ b/libexec/ftpd/skey-stuff.c
@@ -1,6 +1,6 @@
 /* Author: Wietse Venema, Eindhoven University of Technology. 
  *
- *	$Id$
+ *	$Id: skey-stuff.c,v 1.3 1996/09/22 21:53:34 wosch Exp $
  */
 
 #include <stdio.h>
@@ -10,18 +10,20 @@
 
 /* skey_challenge - additional password prompt stuff */
 
-char   *skey_challenge(name, pwd, pwok)
+char   *skey_challenge(name, pwd, pwok, sflag)
 char   *name;
 struct passwd *pwd;
 int     pwok;
+int    *sflag;
 {
     static char buf[128];
     struct skey skey;
+    char *username = pwd ? pwd->pw_name : ":";
 
     /* Display s/key challenge where appropriate. */
 
-    if (pwd == 0 || skeychallenge(&skey, pwd->pw_name, buf) != 0)
-	sprintf(buf, "%s required for %s.",
-		pwok ? "Password" : "S/Key password", name);
+    *sflag = skeychallenge(&skey, username, buf);
+    sprintf(buf, "%s required for %s.",
+	pwok ? "Password" : "S/Key password", name);
     return (buf);
 }