diff --git a/.gitignore b/.gitignore
index 6a56c2089..552974a11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,8 @@ asn1_*_asn1.c
 *.log
 *.trs
 *.tmp
+result
+result-*
 
 # Top-level files.
 
diff --git a/configure.ac b/configure.ac
index 8cef4c4c1..8f64c4166 100644
--- a/configure.ac
+++ b/configure.ac
@@ -252,7 +252,7 @@ AC_ARG_WITH([systemd],
   [],
   [with_systemd=check])
 if test "$with_systemd" != "no"; then
-  PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 257.0],
+  PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 256.0],
 		    [with_systemd=yes],[with_systemd=no])
 fi
 if test "$with_systemd" = "yes"; then
diff --git a/kadmin/Makefile.am b/kadmin/Makefile.am
index d9b8fee1c..84c830156 100644
--- a/kadmin/Makefile.am
+++ b/kadmin/Makefile.am
@@ -75,6 +75,10 @@ kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
 	$(LIB_pidfile) \
 	$(LIB_dlopen)
 
+if HAVE_SYSTEMD
+kadmind_LDADD += $(SYSTEMD_LIBS)
+endif
+
 kadmin_LDADD = \
 	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
 	$(top_builddir)/lib/kadm5/libkadm5srv.la \
diff --git a/kadmin/rpc.c b/kadmin/rpc.c
index 8a176da63..9d2c7ed49 100644
--- a/kadmin/rpc.c
+++ b/kadmin/rpc.c
@@ -36,6 +36,9 @@
 #include <gssapi.h>
 #include <gssapi_krb5.h>
 #include <gssapi_spnego.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 
 #define CHECK(x)							\
 	do {								\
@@ -799,6 +802,10 @@ process_stream(krb5_context contextp,
      */
 
     INSIST(ilen >= 4);
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "READY=1");
+    #endif
 
     while (1) {
 	struct call_header chdr;
@@ -1129,6 +1136,10 @@ process_stream(krb5_context contextp,
 	}
 
     }
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "STOPPING=1");
+    #endif
 }
 
 
diff --git a/kadmin/server.c b/kadmin/server.c
index 281822a30..0e2681668 100644
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -33,6 +33,9 @@
 
 #include "kadmin_locl.h"
 #include <krb5-private.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 
 static kadm5_ret_t check_aliases(kadm5_server_context *,
                                  kadm5_principal_ent_rec *,
@@ -1131,7 +1134,16 @@ handle_v5(krb5_context contextp,
 	krb5_err(contextp, 1, ret, "kadm5_init_with_password_ctx");
         return;
     }
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "READY=1");
+    #endif
+    
     v5_loop(contextp, ac, initial, kadm_handlep, fd, readonly);
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "STOPPING=1");
+    #endif
 }
 
 krb5_error_code
@@ -1171,4 +1183,3 @@ kadmind_loop(krb5_context contextp,
 
     return 0;
 }
-
diff --git a/kpasswd/Makefile.am b/kpasswd/Makefile.am
index 88132df6a..f938ccab2 100644
--- a/kpasswd/Makefile.am
+++ b/kpasswd/Makefile.am
@@ -21,6 +21,10 @@ kpasswdd_LDADD = \
 	$(LIB_pidfile) \
 	$(LIB_dlopen) \
 	$(DB3LIB) $(DB1LIB) $(LMDBLIB) $(NDBMLIB)
+	
+if HAVE_SYSTEMD
+kpasswdd_LDADD += $(SYSTEMD_LIBS)
+endif
 
 LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
 	$(LIB_hcrypto) \
diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c
index 43a733589..1198241fe 100644
--- a/kpasswd/kpasswdd.c
+++ b/kpasswd/kpasswdd.c
@@ -38,6 +38,9 @@ RCSID("$Id$");
 #ifdef HAVE_SYS_UN_H
 #include <sys/un.h>
 #endif
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 #include <hdb.h>
 #include <kadm5/private.h>
 #include <kadm5/kadm5_err.h>
@@ -744,6 +747,10 @@ doit(krb5_keytab keytab, int port)
 	krb5_errx(context, 1, "No sockets!");
 
     roken_detach_finish(NULL, daemon_child);
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "READY=1");
+    #endif
 
     while (exit_flag == 0) {
 	krb5_ssize_t retx;
@@ -776,6 +783,10 @@ doit(krb5_keytab keytab, int port)
 			 buf, retx);
 	    }
     }
+    
+    #ifdef HAVE_SYSTEMD
+    sd_notify(0, "STOPPING=1");
+    #endif
 
     for (i = 0; i < n; ++i)
 	close(sockets[i]);
diff --git a/nix/heimdal/default.nix b/nix/heimdal/default.nix
index 78e3c2618..78cfc652d 100644
--- a/nix/heimdal/default.nix
+++ b/nix/heimdal/default.nix
@@ -22,6 +22,7 @@
   pam,
   libmicrohttpd,
   cjson,
+  systemdMinimal,
 
   CoreFoundation,
   Security,
@@ -43,6 +44,7 @@
   withOpenLDAPAsHDBModule ? false,
   withOpenSSL ? true,
   withSQLite3 ? true,
+  withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemdMinimal
 }:
 
 assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
@@ -89,7 +91,8 @@ stdenv.mkDerivation {
     ++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
     ++ lib.optionals (withOpenLDAP) [ openldap ]
     ++ lib.optionals (withOpenSSL) [ openssl ]
-    ++ lib.optionals (withSQLite3) [ sqlite ];
+    ++ lib.optionals (withSQLite3) [ sqlite ]
+    ++ lib.optionals (withSystemd) [ systemdMinimal ];
 
   doCheck = true;
   nativeCheckInputs = [
@@ -125,6 +128,9 @@ stdenv.mkDerivation {
     ]
     ++ lib.optionals (withSQLite3) [
       "--with-sqlite3=${sqlite.dev}"
+    ]
+    ++ lib.optionals (withSystemd) [
+      "--with-systemd=yes"
     ];
 
   patches = [
diff --git a/nix/module/heimdal.nix b/nix/module/heimdal.nix
index 0bc9a96d1..012a9997f 100644
--- a/nix/module/heimdal.nix
+++ b/nix/module/heimdal.nix
@@ -74,6 +74,7 @@ in
         ExecStart = "${package}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
         Slice = "system-kerberos-server.slice";
         StateDirectory = "heimdal";
+        Type = "notify";
       };
       restartTriggers = [ kdcConfFile ];
     };
@@ -98,6 +99,7 @@ in
         ExecStart = "${package}/libexec/kpasswdd";
         Slice = "system-kerberos-server.slice";
         StateDirectory = "heimdal";
+        Type = "notify";
       };
       restartTriggers = [ kdcConfFile ];
     };
diff --git a/nix/shell.nix b/nix/shell.nix
index 0db62bec6..6ccc78ab0 100644
--- a/nix/shell.nix
+++ b/nix/shell.nix
@@ -31,6 +31,7 @@ pkgs.mkShell {
     openldap
     openssl
     sqlite
+    systemdMinimal
   ];
 
   env = {