diff --git a/ChangeLog b/ChangeLog
index 2813c84..299bc32 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-08-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_terminate_df): Fix for admin-less mode.
+
 2017-08-03  Jeremy Drake <jeremydrake+gnuk@eacceleration.com>
 
 	* regnual/regnual.c (main): Allow compile time
diff --git a/THANKS b/THANKS
index e031b33..d6966e4 100644
--- a/THANKS
+++ b/THANKS
@@ -35,6 +35,7 @@ Paul Fertser
 Paul Bakker		polarssl_maintainer@polarssl.org
 Santiago Ruano Rincón	santiago@debian.org
 Shane Coughlan		scoughlan@openinventionnetwork.com
+Stanislas Bach		sbach@0g.re
 Szczepan Zalega		szczepan@nitrokey.com
 Vasily Evseenko
 Werner Koch		wk@gnupg.org
diff --git a/src/openpgp.c b/src/openpgp.c
index 4e19802..1fdd01a 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -1335,6 +1335,8 @@ cmd_activate_file (void)
 static void
 cmd_terminate_df (void)
 {
+  const uint8_t *ks_pw3;
+
   uint8_t p1 = P1 (apdu);
   uint8_t p2 = P2 (apdu);
 
@@ -1356,8 +1358,11 @@ cmd_terminate_df (void)
       return;
     }
 
+  ks_pw3 = gpg_do_read_simple (NR_DO_KEYSTRING_PW3);
 
-  if (!ac_check_status (AC_ADMIN_AUTHORIZED) && !gpg_pw_locked (PW_ERR_PW3))
+  if (!ac_check_status (AC_ADMIN_AUTHORIZED)
+      && !((ks_pw3 && gpg_pw_locked (PW_ERR_PW3))
+	   || (ks_pw3 == NULL && gpg_pw_locked (PW_ERR_PW1))))
     {
       /* Only allow the case admin authorized, or, admin pass is locked.  */
       GPG_SECURITY_FAILURE();