diff --git a/cmd/auth-server/main.go b/cmd/auth-server/main.go
index a0d017ff1dd983f1486667f9ad0b0e9238324722..c93644c1c41d667d55a6230b74fa682a859c68c1 100644
--- a/cmd/auth-server/main.go
+++ b/cmd/auth-server/main.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"os/signal"
 	"syscall"
+	"time"
 
 	"git.autistici.org/ai3/go-common/unix"
 	"github.com/coreos/go-systemd/daemon"
@@ -21,6 +22,7 @@ var (
 	socketPath              = flag.String("socket", "/run/auth/socket", "`path` to the UNIX socket to listen on")
 	systemdSocketActivation = flag.Bool("systemd-socket", false, "use SystemD socket activation")
 	httpAddr                = flag.String("http-addr", "", "if not nil, bind an HTTP server to this `addr` for Prometheus metrics")
+	requestTimeout          = flag.Duration("timeout", 5*time.Second, "timeout for incoming requests")
 )
 
 func usage() {
@@ -58,6 +60,7 @@ func main() {
 	}
 
 	srv := unix.NewLineServer(server.NewSocketServer(authSrv))
+	srv.RequestTimeout = *requestTimeout
 
 	var sockSrv *unix.SocketServer
 	if *systemdSocketActivation {