diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 84d0686..e96274f 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -1,10 +1,14 @@
+%define username saslauth
+%define hint "Saslauthd user"
+%define homedir %{_var}/empty/%{username}
+
 %define _plugindir2 %{_libdir}/sasl2
 %define bootstrap_cyrus_sasl 0
 Summary: The Cyrus SASL library
 Name: cyrus-sasl
 Version: 2.1.23
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 Group: System Environment/Libraries
 # Source0 originally comes from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/;
@@ -41,6 +45,12 @@ BuildRequires: db4-devel
 BuildRequires: openldap-devel
 %endif
 Requires(post): chkconfig, /sbin/service
+Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
+Requires(postun): /usr/sbin/userdel /usr/sbin/groupdel
+Requires: /sbin/nologin
+Provides: user(%username) = %hint
+Provides: group(%username) = %hint
+
 %description
 The %{name} package contains the Cyrus implementation of SASL.
@@ -292,6 +302,10 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/cat8/saslauthd.8
 %clean
 test "$RPM_BUILD_ROOT" != "/" && rm -rf $RPM_BUILD_ROOT
+%pre
+/usr/sbin/groupadd -r %{username} 2> /dev/null || :
+/usr/sbin/useradd -c \"%{hint}\" -g %{username} -s /sbin/nologin -r -d %{homedir} %{username} 2> /dev/null || :
+
 %post
 /sbin/chkconfig --add saslauthd
@@ -305,6 +319,8 @@ fi
 if [ $1 -ne 0 ] ; then
 /sbin/service saslauthd condrestart 2>&1 > /dev/null
 fi
+/usr/sbin/userdel %{username}
+/usr/sbin/groupdel %{username}
 %post lib -p /sbin/ldconfig
 %postun lib -p /sbin/ldconfig
@@ -371,6 +387,9 @@ fi
 %{_sbindir}/sasl2-shared-mechlist
 %changelog
+* Wed Sep 23 2009 Jan F. Chadima - 2.1.23-3
+- Add possibility to run the saslauth without root privilegies (#185614)
+
 * Fri Aug 21 2009 Tomas Mraz - 2.1.23-2
 - rebuilt with new openssl
diff --git a/saslauthd.init b/saslauthd.init
index 53c34e0..6239554 100755
--- a/saslauthd.init
+++ b/saslauthd.init
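Review bot: In the `%pre` scriptlet added to cyrus-sasl.spec, both account-creation commands end in `2> /dev/null || :`, so a failed `groupadd` or `useradd` is invisible and the package installs without the account that `--user saslauth` later depends on. Checking first, e.g. `getent group %{username} >/dev/null || /usr/sbin/groupadd -r %{username}` (and the same pattern with `getent passwd` for `useradd`), keeps the already-exists case quiet while real failures still surface. The `-c \"%{hint}\"` argument also doubles the quoting, because `%hint` is defined with its own quotation marks, so the comment field would hold literal `"` characters; `-c %{hint}` looks sufficient. No hunk shown here creates `%{homedir}`, which is worth confirming is intended.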
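Review bot: The added `/usr/sbin/userdel %{username}` and `/usr/sbin/groupdel %{username}` lines in cyrus-sasl.spec sit after the closing `fi`, so they run on every invocation of this scriptlet, including upgrades where `$1` is non-zero, not only on final removal. The scriptlet header lies outside the hunk, but the `Requires(postun)` line added earlier suggests it is `%postun`; in that case an upgrade would delete the account that the new package's `%pre` has just ensured exists. If removal is kept at all it should be guarded, e.g. `if [ $1 -eq 0 ] ; then /usr/sbin/userdel %{username} ; fi`. Deleting a system account on uninstall also leaves any files it owned attached to a UID that a later account can be given, so leaving the user and group in place is the safer default.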
@@ -38,7 +38,7 @@ lockfile=/var/lock/subsys/$prog
 start() {
 [ -x $path ] || exit 5
 echo -n $"Starting $prog: "
- daemon $path -m $SOCKETDIR -a $MECH $FLAGS
+ daemon $DAEMONOPTS $path -m $SOCKETDIR -a $MECH $FLAGS
 RETVAL=$?
 echo
 [ $RETVAL -eq 0 ] && touch $lockfile
diff --git a/saslauthd.sysconfig b/saslauthd.sysconfig
index 08e4373..71a7de5 100644
--- a/saslauthd.sysconfig
+++ b/saslauthd.sysconfig
@@ -6,6 +6,9 @@ SOCKETDIR=/var/run/saslauthd
 # of which mechanism your installation was compiled with the ablity to use.
 MECH=pam
+# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
+# DAEMONOPTS=--user saslauth
+
 # Additional flags to pass to saslauthd on the command line. See saslauthd(8)
 # for the list of accepted flags.
 FLAGS=
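Review bot: Nothing in this commit changes the ownership or mode of `$SOCKETDIR` (`/var/run/saslauthd` per the sysconfig file), so once `$DAEMONOPTS` makes the `daemon` call in `start()` launch saslauthd as `saslauth`, the process may be unable to create its socket there. It is worth confirming that the directory is writable by that account and by no other unprivileged one, since it is where clients hand over credentials. A comment above the call would help the next reader, e.g. `# $DAEMONOPTS goes to daemon() (e.g. --user), not to saslauthd; $SOCKETDIR must be writable by that user`. `start()` continues past the end of this hunk.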
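Review bot: Uncommenting `# DAEMONOPTS=--user saslauth` in saslauthd.sysconfig exactly as instructed does not set the option: if the init script sources this file as shell (which its use of `$SOCKETDIR` and `$MECH` suggests), the line is parsed as the command `saslauth` run with `DAEMONOPTS=--user` in its environment. The daemon would then keep starting as root, with only a "command not found" message as a hint, and any executable named `saslauth` on root's PATH would be run at service start. The value needs quoting: `# DAEMONOPTS="--user saslauth"`. The comment above it would also read more accurately as options passed to the `daemon` launcher rather than "sent to the saslauthd".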