diff --git a/xroot_plugins/XrdSsiCtaServiceProvider.cpp b/xroot_plugins/XrdSsiCtaServiceProvider.cpp
index f31cd337dc3218c324522bdff343ea3a72511b15..3558e198b61f7eabdf4100b9b1c3d76ebfc55253 100644
--- a/xroot_plugins/XrdSsiCtaServiceProvider.cpp
+++ b/xroot_plugins/XrdSsiCtaServiceProvider.cpp
@@ -50,6 +50,56 @@ XrdSsiProvider *XrdSsiProviderServer = new XrdSsiCtaServiceProvider;
 
 
 
+namespace XrdSsiPb {
+
+/*!
+ * Override the Service::Prepare method
+ *
+ * Ensures that resource.client->name is valid. This is obtained from the KRB5 or SSS key, so
+ * connections via unix sockets are not possible in this scheme.
+ */
+template<>
+bool Service<cta::xrd::Request, cta::xrd::Response, cta::xrd::Alert>::Prepare(XrdSsiErrInfo &eInfo, const XrdSsiResource &resource)
+{
+#ifdef XRDSSI_DEBUG
+   std::cerr << "[DEBUG] Service::Prepare():" << std::endl;
+   std::cerr << "[DEBUG]    Resource name: " << resource.rName << std::endl
+             << "[DEBUG]    Resource user: " << resource.rUser << std::endl
+             << "[DEBUG]    Resource info: " << resource.rInfo << std::endl
+             << "[DEBUG]    Hosts to avoid: " << resource.hAvoid << std::endl
+             << "[DEBUG]    Affinity: ";
+
+   switch(resource.affinity)
+   {
+      case XrdSsiResource::None:     std::cerr << "None" << std::endl; break;
+      case XrdSsiResource::Default:  std::cerr << "Default" << std::endl; break;
+      case XrdSsiResource::Weak:     std::cerr << "Weak" << std::endl; break;
+      case XrdSsiResource::Strong:   std::cerr << "Strong" << std::endl; break;
+      case XrdSsiResource::Strict:   std::cerr << "Strict" << std::endl; break;
+   }
+
+   std::cerr << "[DEBUG]    Resource options: "
+             << (resource.rOpts & XrdSsiResource::Reusable ? "Resuable " : "")
+             << (resource.rOpts & XrdSsiResource::Discard  ? "Discard"   : "")
+             << std::endl;
+#endif
+   if(resource.client == nullptr || resource.client->name == nullptr)
+   {
+      eInfo.Set("Service::Prepare(): XRootD client name is not set. "
+         "Possible misconfiguration of the KRB5 or SSS keyfile.", EACCES);
+      return false;
+   }
+#ifdef XRDSSI_DEBUG
+   std::cerr << "[DEBUG]    Resource client name: " << resource.client->name << std::endl;
+#endif
+
+   return true;
+}
+
+} // namespace XrdSsiPb
+
+
+
 /*!
  * Initialise the Service Provider
  */
diff --git a/xrootd-ssi-protobuf-interface b/xrootd-ssi-protobuf-interface
index 456421e18b3670a4de4352de2933ef26f3a0e4cc..e95c47d2143875f0eb3c7e56b82ac3064c60651b 160000
--- a/xrootd-ssi-protobuf-interface
+++ b/xrootd-ssi-protobuf-interface
@@ -1 +1 @@
-Subproject commit 456421e18b3670a4de4352de2933ef26f3a0e4cc
+Subproject commit e95c47d2143875f0eb3c7e56b82ac3064c60651b