diff --git a/pkg/authkit/models/accounts.go b/pkg/authkit/models/accounts.go
index 420fbc9..953114a 100644
--- a/pkg/authkit/models/accounts.go
+++ b/pkg/authkit/models/accounts.go
@@ -39,6 +39,8 @@ type Account struct {
 
 	Relations []AccountRelationship `json:"relations,omitempty" gorm:"foreignKey:AccountID"`
 
+	Punishments []Punishment `json:"punishments,omitempty"`
+
 	// Keep this for backward compability
 	Description string `json:"description" gorm:"-"`
 }
diff --git a/pkg/internal/grpc/user.go b/pkg/internal/grpc/user.go
index 40b9fe7..b58712f 100644
--- a/pkg/internal/grpc/user.go
+++ b/pkg/internal/grpc/user.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"fmt"
 
+	"maps"
+
 	"git.solsynth.dev/hypernet/nexus/pkg/proto"
 	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
 	localCache "git.solsynth.dev/hypernet/passport/pkg/internal/cache"
@@ -65,6 +67,17 @@ func (v *App) GetUser(ctx context.Context, request *proto.GetUserRequest) (*prot
 			}
 		}
 
+		punishments, err := services.ListPunishments(account)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, fmt.Sprintf("unable to get account punishments: %v", err))
+		}
+		account.Punishments = punishments
+		for _, punishment := range punishments {
+			if punishment.Type == models.PunishmentTypeLimited && len(punishment.PermNodes) > 0 {
+				maps.Copy(account.PermNodes, punishment.PermNodes)
+			}
+		}
+
 		services.CacheAccount(account)
 	}
 
diff --git a/pkg/internal/services/ticket_token.go b/pkg/internal/services/ticket_token.go
index cd42f21..5200310 100644
--- a/pkg/internal/services/ticket_token.go
+++ b/pkg/internal/services/ticket_token.go
@@ -2,11 +2,12 @@ package services
 
 import (
 	"fmt"
-	"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
-	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
 	"strconv"
 	"time"
 
+	"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
+	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
+
 	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
 	"github.com/samber/lo"
 	"github.com/spf13/viper"
@@ -35,8 +36,7 @@ func GetToken(ticket models.AuthTicket) (atk, rtk string, err error) {
 		return
 	}
 
-	ticket.LastGrantAt = lo.ToPtr(time.Now())
-	database.C.Save(&ticket)
+	database.C.Model(&ticket).Update("last_grant_at", time.Now())
 
 	return
 }