diff --git a/daemon/remote.c b/daemon/remote.c
index 1ada146cc47b6baef189f48329d419598b8f7b30..47258960a2a499ba6d5f63ede2478030f90b90ac 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2471,6 +2471,8 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
     const char *action;
     int status = -1;
     char *ident = NULL;
+    bool authdismissed = 0;
+    char *pkout = NULL;
     struct daemonClientPrivate *priv =
         virNetServerClientGetPrivateData(client);
     virCommandPtr cmd = NULL;
@@ -2481,6 +2483,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
         "org.libvirt.unix.manage";
 
     cmd = virCommandNewArgList(PKCHECK_PATH, "--action-id", action, NULL);
+    virCommandSetOutputBuffer(cmd, &pkout);
 
     VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client));
     if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
@@ -2509,6 +2512,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
     if (virCommandRun(cmd, &status) < 0)
         goto authfail;
 
+    authdismissed = (pkout && strstr(pkout, "dismissed=true"));
     if (status != 0) {
         char *tmp = virCommandTranslateStatus(status);
         VIR_ERROR(_("Policy kit denied action %s from pid %lld, uid %d: %s"),
@@ -2533,9 +2537,15 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
 error:
     virCommandFree(cmd);
     VIR_FREE(ident);
+    VIR_FREE(pkout);
     virResetLastError();
-    virNetError(VIR_ERR_AUTH_FAILED, "%s",
-                _("authentication failed"));
+    if (authdismissed) {
+        virNetError(VIR_ERR_AUTH_CANCELLED, "%s",
+                    _("authentication cancelled by user"));
+    } else {
+        virNetError(VIR_ERR_AUTH_FAILED, "%s",
+                    _("authentication failed"));
+    }
     virNetMessageSaveError(rerr);
     virMutexUnlock(&priv->lock);
     return -1;
diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h
index e896d67ce2c633d2b2e5460bae43958cbf048afb..9844cbe23f1f076888294b3f8ad00fc73239e82a 100644
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@@ -243,6 +243,7 @@ typedef enum {
                                            risky domain snapshot revert */
     VIR_ERR_OPERATION_ABORTED = 78,     /* operation on a domain was
                                            canceled/aborted by user */
+    VIR_ERR_AUTH_CANCELLED = 79,        /* authentication cancelled */
 } virErrorNumber;
 
 /**
diff --git a/src/util/virterror.c b/src/util/virterror.c
index 85eec8dcca8fcdbeac43832c6f80fa70914109d2..31ddd9d2d3c8be11c9ceabae111b6241e03c3a57 100644
--- a/src/util/virterror.c
+++ b/src/util/virterror.c
@@ -1022,6 +1022,12 @@ virErrorMsg(virErrorNumber error, const char *info)
             else
                 errmsg = _("authentication failed: %s");
             break;
+        case VIR_ERR_AUTH_CANCELLED:
+            if (info == NULL)
+                errmsg = _("authentication cancelled");
+            else
+                errmsg = _("authentication cancelled: %s");
+            break;
         case VIR_ERR_NO_STORAGE_POOL:
             if (info == NULL)
                 errmsg = _("Storage pool not found");