Fix bug #9098 - winbind does not refresh kerberos tickets.

[samba.git] / source3 / winbindd / winbindd_pam.c

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index c8910d6a437c6e30b723e0cd4ada44526b3855a6..4cc181a7eaf56b2a2a590c56de2d8eda37d3df7b 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -656,6 +656,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
                                            cc,
                                            service,
                                            state->request->data.auth.user,
+                                           state->request->data.auth.pass,
                                            realm,
                                            uid,
                                            time(NULL),
@@ -1034,6 +1035,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
                                                            cc,
                                                            service,
                                                            state->request->data.auth.user,
+                                                           state->request->data.auth.pass,
                                                            domain->alt_name,
                                                            uid,
                                                            time(NULL),
@@ -2456,6 +2458,13 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
                goto process_result;
        }
 
+       /*
+        * Remove any mlock'ed memory creds in the child
+        * we might be using for krb5 ticket renewal.
+        */
+
+       winbindd_delete_memory_creds(state->request->data.logoff.user);
+
 #else
        result = NT_STATUS_NOT_SUPPORTED;
 #endif