{
unsigned int lctrl;
int ret;
+ bool cached_login = false;
/* <DO NOT free() THESE> */
const char *user;
_PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx);
- /* clearing offline bit for the auth in the password change */
+ cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN);
+
+ /* clearing offline bit for auth */
ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
/*
_pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
&pwdlastset_update);
+ /*
+ * if cached creds were enabled, make sure to set the
+ * WINBIND_CACHED_LOGIN bit here in order to have winbindd
+ * update the cached creds storage - gd
+ */
+ if (cached_login) {
+ ctx->ctrl |= WINBIND_CACHED_LOGIN;
+ }
+
ret = winbind_chauthtok_request(ctx, user, pass_old,
pass_new, pwdlastset_update);
if (ret) {
cctype = get_krb5_cc_type_from_config(ctx);
warn_pwd_expire = get_warn_pwd_expire_from_config(ctx);
+ /* clearing offline bit for auth */
+ ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
+
ret = winbind_auth_request(ctx, user, pass_new,
member, cctype, 0, &response,
NULL, &username_ret);