diff --git a/socks4.c b/socks4.c
index 865cc77e..0c77a5df 100644
--- a/socks4.c
+++ b/socks4.c
@@ -52,11 +52,14 @@ const int socks4_status_no_ident = 92;
 const int socks4_status_fake_ident = 93;
 
 
-void socks4_client_init(redsocks_client *client)
+static void socks4_instance_init(redsocks_instance *instance)
 {
-	if (client->instance->config.password)
-		redsocks_log_error(client, LOG_WARNING, "password is ignored for socks4 connections");
+	if (instance->config.password)
+		log_error(LOG_WARNING, "password <%s> is ignored for socks4 connections", instance->config.password);
+}
 
+static void socks4_client_init(redsocks_client *client)
+{
 	client->state = socks4_new;
 }
 
@@ -139,6 +142,7 @@ relay_subsys socks4_subsys =
 	.readcb               = socks4_read_cb,
 	.writecb              = socks4_write_cb,
 	.init                 = socks4_client_init,
+	.instance_init        = socks4_instance_init,
 };
 
 
diff --git a/socks5.c b/socks5.c
index 71b36e3f..f38b6771 100644
--- a/socks5.c
+++ b/socks5.c
@@ -61,28 +61,47 @@ const char* socks5_status_to_str(int socks5_status)
 	}
 }
 
-int socks5_is_valid_cred(const char *login, const char *password)
+bool socks5_is_valid_cred(const char *login, const char *password)
 {
 	if (!login || !password)
-		return 0;
+		return false;
 	if (strlen(login) > 255) {
 		log_error(LOG_WARNING, "Socks5 login can't be more than 255 chars, <%s> is too long", login);
-		return 0;
+		return false;
 	}
 	if (strlen(password) > 255) {
 		log_error(LOG_WARNING, "Socks5 password can't be more than 255 chars, <%s> is too long", password);
-		return 0;
+		return false;
 	}
-	return 1;
+	return true;
 }
 
-void socks5_client_init(redsocks_client *client)
+static void socks5_instance_init(redsocks_instance *instance)
+{
+	redsocks_config *config = &instance->config;
+	if (config->login || config->password) {
+		bool deauth = false;
+		if (config->login && config->password) {
+			deauth = socks5_is_valid_cred(config->login, config->password);
+		} else  {
+			log_error(LOG_WARNING, "Socks5 needs either both login and password or none of them");
+			deauth = true;
+		}
+		if (deauth) {
+			free(config->login);
+			free(config->password);
+			config->login = config->password = NULL;
+		}
+	}
+}
+
+static void socks5_client_init(redsocks_client *client)
 {
 	socks5_client *socks5 = red_payload(client);
 	const redsocks_config *config = &client->instance->config;
 
 	client->state = socks5_new;
-	socks5->do_password = socks5_is_valid_cred(config->login, config->password);
+	socks5->do_password = (config->login && config->password) ? 1 : 0;
 }
 
 static struct evbuffer *socks5_mkmethods(redsocks_client *client)
@@ -317,6 +336,7 @@ relay_subsys socks5_subsys =
 	.readcb               = socks5_read_cb,
 	.writecb              = socks5_write_cb,
 	.init                 = socks5_client_init,
+	.instance_init        = socks5_instance_init,
 };
 
 
diff --git a/socks5.h b/socks5.h
index 5155225a..a63b6769 100644
--- a/socks5.h
+++ b/socks5.h
@@ -87,7 +87,7 @@ static const int socks5_status_Address_type_not_supported = 8;
 
 
 const char* socks5_status_to_str(int socks5_status);
-int socks5_is_valid_cred(const char *login, const char *password);
+bool socks5_is_valid_cred(const char *login, const char *password);
 
 struct evbuffer *socks5_mkmethods_plain(int do_password);
 struct evbuffer *socks5_mkpassword_plain(const char *login, const char *password);