diff --git a/kdc/main.c b/kdc/main.c
index 1edd14219..cd9686912 100644
--- a/kdc/main.c
+++ b/kdc/main.c
@@ -68,8 +68,12 @@ switch_environment(void)
     if ((runas_string || chroot_string) && geteuid() != 0)
 	errx(1, "no running as root, can't switch user/chroot");
 
-    if (chroot_string && chroot(chroot_string) != 0)
-	errx(1, "chroot(%s)", "chroot_string failed");
+    if (chroot_string) {
+	if (chroot(chroot_string))
+	    err(1, "chroot(%s) failed", chroot_string);
+	if (chdir("/"))
+	    err(1, "chdir(/) after chroot failed");
+    }
 
     if (runas_string) {
 	struct passwd *pw;