diff --git a/services/univention-samba4/s4search-decode b/services/univention-samba4/s4search-decode
index 68ae51c..549af97 100755
--- a/services/univention-samba4/s4search-decode
+++ b/services/univention-samba4/s4search-decode
@@ -48,6 +48,7 @@ from samba.ndr import ndr_print
 from datetime import datetime
 context = None
+permitted_enctypes = []
 keytypes = {
 1: 'des_crc',
@@ -74,10 +75,20 @@ def decode_unicodePwd(value, kvno=0):
 def decode_krb5Key(value):
+ global context
+ global permitted_enctypes
+ if not context:
+ context = heimdal.context()
+ if not permitted_enctypes:
+ for enc in context.get_permitted_enctypes():
+ permitted_enctypes.append(enc.toint())
 k = binascii.a2b_base64(value)
 (keyblock, salt, kvno) = heimdal.asn1_decode_key(k)
 enctype = keyblock.keytype()
 enctype_id = enctype.toint()
+ if enctype_id not in permitted_enctypes:
+ print "#\tSKIPPING ENC type %s, not support by heimdal" % enctype_id
+ return
 print "#\tkrb5_keytype: %s (%d)" % (enctype, enctype_id)
 key_data = keyblock.keyvalue()
 print "#\tkeyblock: ", binascii.b2a_base64(key_data).strip()
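Review bot: The skip branch added after `enctype_id = enctype.toint()` reports only the numeric id, so the output no longer names the stored key that was left out. Keys rejected here are presumably legacy enctypes such as DES, which someone auditing an account's stored keys would want to see named. The file already has the `keytypes` mapping (visible in the first hunk), so the line could read `print "#\tSKIPPING enctype %s (%d), not supported by heimdal" % (keytypes.get(enctype_id, 'unknown'), enctype_id)`, which also fixes the "not support" wording. `global permitted_enctypes` is not needed, because the list is only appended to and never rebound. The body of decode_krb5Key continues past the end of the hunk.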