diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c
index d864c3f..4a899fb 100644
--- a/amandad-src/amandad.c
+++ b/amandad-src/amandad.c
@@ -456,7 +456,7 @@ main(
 }
 #ifndef SINGLE_USERID
- if (geteuid() == 0) {
+ if (getuid() == 0) {
 if (strcasecmp(auth, "krb5") != 0) {
 struct passwd *pwd;
 /* lookup our local user name */
diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c
index c3075fa..8d3b18a 100644
--- a/common-src/krb5-security.c
+++ b/common-src/krb5-security.c
@@ -334,6 +334,7 @@ krb5_accept(
 char hostname[NI_MAXHOST];
 int result;
 char *errmsg = NULL;
+ struct passwd *pw;
 krb5_init();
@@ -372,6 +373,12 @@ krb5_accept(
 error("gss_server failed: %s\n", rc->errmsg);
 rc->accept_fn = fn;
 sec_tcp_conn_read(rc);
+
+ /* totally drop privileges at this point
+ *(making the userid equal to the dumpuser)
+ */
+ pw = getpwnam(CLIENT_LOGIN);
+ setreuid(pw->pw_uid, pw->pw_uid);
 }
 /*
@@ -712,7 +719,7 @@ krb5_init(void)
 beenhere = 1;
 #ifndef BROKEN_MEMORY_CCACHE
- putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache"));
+ putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache"));
 #else
 /*
 * MEMORY ccaches seem buggy and cause a lot of internal heap
@@ -727,7 +734,7 @@ krb5_init(void)
 char *ccache;
 ccache = malloc(128);
 g_snprintf(ccache, SIZEOF(ccache),
- "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld",
+ KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld",
 (long)geteuid(), (long)getpid());
 putenv(ccache);
 }
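Review bot: In `main` of amandad-src/amandad.c, testing `getuid()` instead of `geteuid()` means a process whose effective uid is 0 but whose real uid is not (for example a setuid-root install started by an ordinary user) now skips this block altogether. The body of the block continues outside the hunk, so what it enforces is not visible here; if it is the guard that validates or refuses running as root, it should still fire when either id is 0, e.g. `if (getuid() == 0 || geteuid() == 0) {`. If checking only the real uid is intended, a comment stating the reason would help the next reader, such as `/* real uid on purpose: euid may be 0 until krb5_accept() drops it */`.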
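Review bot: The privilege drop added at the end of `krb5_accept` (common-src/krb5-security.c, hunk at -372) dereferences `pw` without checking that `getpwnam(CLIENT_LOGIN)` returned non-NULL, and it ignores the return value of `setreuid()`. A missing account therefore crashes the daemon, and a failed drop leaves it serving the connection with its original privileges. Both calls should be checked and a failure treated as fatal. Only the uid changes here, so the gid and supplementary groups stay as inherited; consider `setgid(pw->pw_gid)` and `initgroups()` before the uid change unless group access is still needed afterwards. The sketch below assumes `error()` does not return, and the start of the function is outside the hunk.

```c
    /* ... unchanged: gss_server handling, accept_fn assignment, sec_tcp_conn_read(rc) ... */
    pw = getpwnam(CLIENT_LOGIN);
    if (pw == NULL)
	error("getpwnam(%s) failed\n", CLIENT_LOGIN);
    /* a failed drop must not fall through to serving requests with the old ids */
    if (setreuid(pw->pw_uid, pw->pw_uid) != 0)
	error("setreuid(%ld) failed: %s\n", (long)pw->pw_uid, strerror(errno));
```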
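Review bot: In the `BROKEN_MEMORY_CCACHE` branch of `krb5_init` (hunk at -727), `ccache` is a `char *` to a 128-byte allocation, so `SIZEOF(ccache)` is the size of the pointer if the macro wraps `sizeof`, as its name suggests. The formatted cache name would then be truncated to a few bytes. The commit edits the format string but leaves that size argument, so pass the real size, `g_snprintf(ccache, 128,`, and check the `malloc` result before writing to it. Separately, the cache file under `/tmp` is named from the euid and pid, which is predictable in a world-writable directory; a private directory for the credential cache would be worth a follow-up. The literal pasting `KRB5_ENV_CCNAME"=..."` here and in the hunk at -712 only compiles if that macro is a string literal, which a short comment could record.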