diff --git a/configure.ac b/configure.ac
index 44dbda4eb..0d35d81f4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1075,6 +1075,10 @@ XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS}"
 AC_SUBST([XSERVER_LIBS])
 AC_SUBST([XSERVER_SYS_LIBS])
 
+if test "x$HAVE_LAUNCHD" = xyes; then
+   XSERVER_CFLAGS="$XSERVER_CFLAGS -DHAVE_LAUNCHD"
+fi
+
 # The Xorg binary needs to export symbols so that they can be used from modules
 # Some platforms require extra flags to do this.   gcc should set these flags
 # when -rdynamic is passed to it, other compilers/linkers may need to be added
diff --git a/os/connection.c b/os/connection.c
index d975f87d2..d1bc4d04e 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -74,6 +74,9 @@ SOFTWARE.
 #define TRANS_SERVER
 #define TRANS_REOPEN
 #include <X11/Xtrans/Xtrans.h>
+#ifdef HAVE_LAUNCHD
+#include <X11/Xtrans/Xtransint.h>
+#endif
 #include <errno.h>
 #include <signal.h>
 #include <stdio.h>
@@ -660,10 +663,21 @@ ClientAuthorized(ClientPtr client,
     XID	 		auth_id;
     char	 	*reason = NULL;
     XtransConnInfo	trans_conn;
+#ifdef HAVE_LAUNCHD
+    struct sockaddr     *saddr;
+#endif
 
     priv = (OsCommPtr)client->osPrivate;
     trans_conn = priv->trans_conn;
 
+#ifdef HAVE_LAUNCHD
+    saddr = (struct sockaddr *) (trans_conn->addr);
+    /* Allow any client to connect without authorization on a launchd socket,
+       because it is securely created -- this prevents a race condition on launch */
+    if (saddr->sa_len > 11 && saddr->sa_family == AF_UNIX &&
+        !strncmp(saddr->sa_data, "/tmp/launch", 11)) goto done;
+#endif
+
     auth_id = CheckAuthorization (proto_n, auth_proto,
 				  string_n, auth_string, client, &reason);
 
@@ -719,6 +733,7 @@ ClientAuthorized(ClientPtr client,
 	}
     }
     priv->auth_id = auth_id;
+ done:
     priv->conn_time = 0;
 
 #ifdef XDMCP