diff --git a/configure.ac b/configure.ac
index e3a749ab7a7defc5a03f225e987393a821cd7686..43cea1f5aa2825104668094e104c021962fc70f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1116,6 +1116,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
   AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
   if test "x$PKCHECK_PATH" != "x" ; then
     AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
+    AC_MSG_CHECKING([whether pkcheck supports uid value])
+    pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1`
+    if test "x$pkcheck_supports_uid" = "xtrue"; then
+      AC_MSG_RESULT([yes])
+      AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
+    else
+      AC_MSG_RESULT([no])
+    fi
     AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
         [use PolicyKit for UNIX socket access checks])
     AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
diff --git a/daemon/remote.c b/daemon/remote.c
index 5c69af0ea26db97eca7f38b3f92fedb61b88bab6..399140da569d8c80e88362260c953cede69b0e17 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2815,10 +2815,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
     int status = -1;
     char *ident = NULL;
     bool authdismissed = 0;
+    bool supportsuid = false;
     char *pkout = NULL;
     struct daemonClientPrivate *priv =
         virNetServerClientGetPrivateData(client);
     virCommandPtr cmd = NULL;
+    static bool polkitInsecureWarned;
 
     virMutexLock(&priv->lock);
     action = virNetServerClientGetReadonly(client) ?
@@ -2840,14 +2842,28 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
         goto authfail;
     }
 
+    if (timestamp == 0) {
+        VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
+                 (long long)callerPid);
+        goto authfail;
+    }
+
     VIR_INFO("Checking PID %lld running as %d",
              (long long) callerPid, callerUid);
 
     virCommandAddArg(cmd, "--process");
-    if (timestamp != 0) {
-        virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# ifdef PKCHECK_SUPPORTS_UID
+    supportsuid = true;
+# endif
+    if (supportsuid) {
+        virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
+                               (long long) callerPid, timestamp, (unsigned long) callerUid);
     } else {
-        virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+        if (!polkitInsecureWarned) {
+            VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+            polkitInsecureWarned = true;
+        }
+        virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
     }
     virCommandAddArg(cmd, "--allow-user-interaction");
 
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 87253c6d8f4d91914db17f711fda21921eddbd25..c099b6ed86a6cb2e77c783774a37ef3b04a00d86 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -469,8 +469,7 @@ BuildRequires: cyrus-sasl-devel
 %endif
 %if %{with_polkit}
     %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
-# Only need the binary, not -devel
-BuildRequires: polkit >= 0.93
+BuildRequires: polkit-devel >= 0.93
     %else
 BuildRequires: PolicyKit-devel >= 0.6
     %endif