diff --git a/auth/passwd.c b/auth/passwd.c
index 0bb5b3c04..ccd3482f3 100644
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999, 2001 Todd C. Miller <Todd.Miller@courtesan.com>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -61,6 +61,19 @@ static const char rcsid[] = "$Sudo$";
 #define DESLEN			13
 #define HAS_AGEINFO(p, l)	(l == 18 && p[DESLEN] == ',')
 
+int
+passwd_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+#ifdef HAVE_SKEYACCESS
+    if (skeyaccess(pw->pw_name, user_tty, NULL, NULL) == 0)
+	return(AUTH_FATAL);
+#endif
+    return(AUTH_SUCCESS);
+}
+
 int
 passwd_verify(pw, pass, auth)
     struct passwd *pw;
diff --git a/auth/sudo_auth.c b/auth/sudo_auth.c
index f6b6f59fa..005c7b43f 100644
--- a/auth/sudo_auth.c
+++ b/auth/sudo_auth.c
@@ -67,7 +67,7 @@ sudo_auth auth_switch[] = {
     AUTH_STANDALONE
 #else
 #  ifndef WITHOUT_PASSWD
-    AUTH_ENTRY(0, "passwd", NULL, NULL, passwd_verify, NULL)
+    AUTH_ENTRY(0, "passwd", passwd_init, NULL, passwd_verify, NULL)
 #  endif
 #  if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD)
     AUTH_ENTRY(0, "secureware", secureware_init, NULL, secureware_verify, NULL)
diff --git a/auth/sudo_auth.h b/auth/sudo_auth.h
index e964ff05c..25dd7fc86 100644
--- a/auth/sudo_auth.h
+++ b/auth/sudo_auth.h
@@ -80,6 +80,7 @@ int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
 int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth));
 
 /* Prototypes for normal methods */
+int passwd_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
 int passwd_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
 int secureware_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
 int secureware_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));