diff --git a/scheduler/auth.c b/scheduler/auth.c
index e7d0006..d70e21e 100644
--- a/scheduler/auth.c
+++ b/scheduler/auth.c
@@ -564,8 +564,12 @@ cupsdAuthorize(cupsd_client_t *con)	/* I - Client connection */
     switch (type)
     {
       default :
+	  {
+	    cupsdLogClient(con, CUPSD_LOG_ERROR, "Basic authentication is not enabled.");
+	    return;
+	  }
       case CUPSD_AUTH_BASIC :
-          {
+	  {
 #if HAVE_LIBPAM
 	   /*
 	    * Only use PAM to do authentication.  This supports MD5
@@ -737,6 +741,16 @@ cupsdAuthorize(cupsd_client_t *con)	/* I - Client connection */
     gss_name_t		client_name;	/* Client name */
 
 
+   /*
+    * Only allow Kerberos if enabled...
+    */
+
+    if (type != CUPSD_AUTH_NEGOTIATE)
+    {
+      cupsdLogClient(con, CUPSD_LOG_ERROR, "Kerberos authentication is not enabled.");
+      return;
+    }
+
 #  ifdef __APPLE__
    /*
     * If the weak-linked GSSAPI/Kerberos library is not present, don't try