diff --git a/src/device.c b/src/device.c
index 811995b..032a7e7 100644
--- a/src/device.c
+++ b/src/device.c
@@ -301,6 +301,7 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
 	PolKitCaller *pk_caller;
 	PolKitAction *pk_action;
 	PolKitResult pk_result;
+	uid_t uid;
 
 	/* Check that caller is privileged */
 	sender = dbus_g_method_get_sender (context);
@@ -318,6 +319,17 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
 		return FALSE;
 	}
 
+	/* XXX Hack?
+	 * We'd like to allow root to set the username by default, so
+	 * it can authenticate users through PAM
+	 * https://bugzilla.redhat.com/show_bug.cgi?id=447266 */
+	if ((polkit_caller_get_uid (pk_caller, &uid) && uid == 0) &&
+	    (g_str_equal (action, "net.reactivated.fprint.device.setusername") ||
+	     g_str_equal (action, "net.reactivated.fprint.device.verify"))) {
+		polkit_caller_unref (pk_caller);
+		return TRUE;
+	}
+
 	pk_action = polkit_action_new ();
 	polkit_action_set_action_id (pk_action, action);
 	pk_result = polkit_context_is_caller_authorized (priv->pol_ctx, pk_action, pk_caller,