diff --git a/server/core/maxkeys.cc b/server/core/maxkeys.cc
index b5b1ef8ce..360c5455b 100644
--- a/server/core/maxkeys.cc
+++ b/server/core/maxkeys.cc
@@ -62,9 +62,9 @@ int main(int argc, char** argv)
 
     int c;
 #ifdef HAVE_GLIBC
-    while ((c = getopt_long(argc, argv, "h", options, NULL)) != -1)
+    while ((c = getopt_long(argc, argv, "hu:", options, NULL)) != -1)
 #else
-    while ((c = getopt(argc, argv, "h")) != -1)
+    while ((c = getopt(argc, argv, "hu:")) != -1)
 #endif
     {
         switch (c)
diff --git a/server/core/test/test_maxpasswd.sh b/server/core/test/test_maxpasswd.sh
index 098f5b5fe..b996ccfa3 100755
--- a/server/core/test/test_maxpasswd.sh
+++ b/server/core/test/test_maxpasswd.sh
@@ -4,22 +4,32 @@
 SECRETS_DIR=`mktemp -d`
 
 # Generate a .secrets file.
-../maxkeys ${SECRETS_DIR} || exit 1
+../maxkeys -u $(whoami) ${SECRETS_DIR} || exit 1
 
 # Generate a key.
-KEY=`../maxpasswd ${SECRETS_DIR} dummy`
+KEY1=$(../maxpasswd ${SECRETS_DIR} dummy)
+KEY2=$(../maxpasswd ${SECRETS_DIR} dummy)
 
 # Remove the temporary directory.
 rm -rf ${SECRETS_DIR}
 
 # Get the length of the generated KEY.
-LENGTH=${#KEY}
+LENGTH=${#KEY1}
 
 if [ ${LENGTH} -eq 32 ]
 then
     # Exactly 32 characters => Ok!
-    exit 0
+
+    if [ "$KEY1" == "$KEY2" ]
+    then
+        # Password encryption returns the same results when invoked multiple times
+        exit 0
+    else
+        echo "First generated key ($KEY1) and second generated key ($KEY2) do not match."
+        exit 1
+    fi
 else
     # Something else; chances are maxpasswd outputs garbage.
+    echo "Expected 32 characters, got $LENGTH"
     exit 1
 fi