diff --git a/lib/ipc/client.c b/lib/ipc/client.c
index cf78a7f20..5c8206fa3 100644
--- a/lib/ipc/client.c
+++ b/lib/ipc/client.c
@@ -339,7 +339,8 @@ connect_unix(struct path_ctx *s)
 }
 static int
-common_path_init(const char *service,
+common_path_init(const char *base,
+ const char *service,
 const char *file,
 void **ctx)
 {
@@ -350,7 +351,7 @@ common_path_init(const char *service,
 return ENOMEM;
 s->fd = -1;
- if (asprintf(&s->path, "/var/run/.heim_%s-%s", service, file) == -1) {
+ if (asprintf(&s->path, "%s/.heim_%s-%s", base, service, file) == -1) {
 free(s);
 return ENOMEM;
 }
@@ -363,9 +364,10 @@ static int
 unix_socket_init(const char *service,
 void **ctx)
 {
+ const char *base = secure_getenv("HEIM_IPC_DIR");
 int ret;
- ret = common_path_init(service, "socket", ctx);
+ ret = common_path_init(base ? base : _PATH_VARRUN, service, "socket", ctx);
 if (ret)
 return ret;
 ret = connect_unix(*ctx);
@@ -438,10 +440,11 @@ static int
 door_init(const char *service,
 void **ctx)
 {
+ const char *base = secure_getenv("HEIM_IPC_DIR");
 int ret;
 struct path_ctx *d;
- ret = common_path_init(service, "door", ctx);
+ ret = common_path_init(base ? base : _PATH_VARRUN, service, "door", ctx);
 if (ret)
 return ret;
diff --git a/lib/ipc/server.c b/lib/ipc/server.c
index 10c693251..548a40a1a 100644
--- a/lib/ipc/server.c
+++ b/lib/ipc/server.c
@@ -1094,12 +1094,15 @@ heim_sipc_service_unix(const char *service,
 void *user, heim_sipc *ctx)
 {
 struct sockaddr_un un;
+ const char *d = secure_getenv("HEIM_IPC_DIR");
 int fd, ret;
 un.sun_family = AF_UNIX;
- snprintf(un.sun_path, sizeof(un.sun_path),
- "/var/run/.heim_%s-socket", service);
+ if (snprintf(un.sun_path, sizeof(un.sun_path),
+ "%s/.heim_%s-socket", d ? d : _PATH_VARRUN,
+ service) > sizeof(un.sun_path) + sizeof("-s") - 1)
+ return ENAMETOOLONG;
 fd = socket(AF_UNIX, SOCK_STREAM, 0);
 if (fd < 0)
 return errno;
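Review bot: In unix_socket_init and door_init (lib/ipc/client.c) the value of HEIM_IPC_DIR goes to common_path_init unchecked, so an empty string yields `/.heim_<service>-socket` and a relative value is resolved against the caller's working directory instead of falling back to the default. A guard such as `if (base == NULL || base[0] != '/') base = _PATH_VARRUN;` would keep the endpoint in a predictable place. Since the client talks to whatever listens at that path, a comment on the lookup should say that the directory is expected to be writable only by the service owner. The `base ? base : _PATH_VARRUN` selection is repeated in both functions and again in server.c, so a small shared helper would keep the three in step. Both function bodies continue outside their hunks.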
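Review bot: The truncation test added in heim_sipc_service_unix (lib/ipc/server.c) lets a truncated path through: snprintf() returns the length it wanted to write, so truncation is any result `>= sizeof(un.sun_path)`, while the new comparison only fires above `sizeof(un.sun_path) + 2`. A long HEIM_IPC_DIR or service name would then bind a silently shortened socket name, which a client building the full name would presumably not find. I would store the result and test it directly, `n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(un.sun_path)) return ENAMETOOLONG;`, which also stops the int result being compared with a size_t. The same `+ sizeof("-d") - 1` slack is in the heim_sipc_service_door hunk, and this function's body continues past the end of the hunk.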
@@ -1276,7 +1279,11 @@ heim_sipc_service_door(const char *service,
 ct->userctx = user;
 ct->callback = callback;
- snprintf(path, sizeof(path), "/var/run/.heim_%s-door", service);
+ if (snprintf(path, sizeof(path), "/var/run/.heim_%s-door",
+ service) >= sizeof(path) + sizeof("-d") - 1) {
+ ret = ENAMETOOLONG;
+ goto cleanup;
+ }
 fd = door_create(door_callback, ct, DOOR_REFUSE_DESC | DOOR_NO_CANCEL);
 if (fd < 0) {
 ret = errno;
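Review bot: heim_sipc_service_door still formats the literal `/var/run/.heim_%s-door` and never consults HEIM_IPC_DIR, while door_init in lib/ipc/client.c now builds its path from that variable, so with the variable set the two sides would look in different directories. Formatting it the way heim_sipc_service_unix does, `"%s/.heim_%s-door", d ? d : _PATH_VARRUN, service`, keeps the door server and client in agreement. The function starts and ends outside the hunk, so the declaration of `path` and the `cleanup` label cannot be checked from here.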