diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c

index d864c3f..4a899fb 100644

--- a/amandad-src/amandad.c

+++ b/amandad-src/amandad.c

@@ -456,7 +456,7 @@ main(

     }

 #ifndef SINGLE_USERID

-    if (geteuid() == 0) {

+    if (getuid() == 0) {

 	if (strcasecmp(auth, "krb5") != 0) {

 	    struct passwd *pwd;

 	    /* lookup our local user name */

diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c

index c3075fa..8d3b18a 100644

--- a/common-src/krb5-security.c

+++ b/common-src/krb5-security.c

@@ -334,6 +334,7 @@ krb5_accept(

     char hostname[NI_MAXHOST];

     int result;

     char *errmsg = NULL;

+    struct passwd *pw;

     krb5_init();

@@ -372,6 +373,12 @@ krb5_accept(

 	error("gss_server failed: %s\n", rc->errmsg);

     rc->accept_fn = fn;

     sec_tcp_conn_read(rc);

+

+    /* totally drop privileges at this point

+     *(making the userid equal to the dumpuser)

+     */

+    pw = getpwnam(CLIENT_LOGIN);

+    setreuid(pw->pw_uid, pw->pw_uid);

 }

 /*

@@ -712,7 +719,7 @@ krb5_init(void)

     beenhere = 1;

 #ifndef BROKEN_MEMORY_CCACHE

-    putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache"));

+    putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache"));

 #else

     /*

      * MEMORY ccaches seem buggy and cause a lot of internal heap

@@ -727,7 +734,7 @@ krb5_init(void)

 	char *ccache;

 	ccache = malloc(128);

 	g_snprintf(ccache, SIZEOF(ccache),

-		 "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld",

+		 KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld",

 		 (long)geteuid(), (long)getpid());

 	putenv(ccache);

     }