r21318: Fix Bug #4225.

Cached logon with pam_winbind should work now also for NT4 and samba3
domains.

Guenther
(This used to be commit b2f91154820219959b8008b15802c70e1d76d158)

1 files changed, 8 insertions, 6 deletions

diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index bf61b3791d..d2979ed71c 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1029,14 +1029,9 @@ static int winbind_auth_request(pam_handle_t * pamh,
 	
 	request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM;
 
-	if (ctrl & WINBIND_KRB5_AUTH) {
-
+	if (ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) {
 		struct passwd *pwd = NULL;
 
-		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling krb5 login flag\n"); 
-
-		request.flags |= WBFLAG_PAM_KRB5 | WBFLAG_PAM_FALLBACK_AFTER_KRB5;
-
 		pwd = getpwnam(user);
 		if (pwd == NULL) {
 			return PAM_USER_UNKNOWN;
@@ -1044,6 +1039,13 @@ static int winbind_auth_request(pam_handle_t * pamh,
 		request.data.auth.uid = pwd->pw_uid;
 	}
 
+	if (ctrl & WINBIND_KRB5_AUTH) {
+
+		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling krb5 login flag\n"); 
+
+		request.flags |= WBFLAG_PAM_KRB5 | WBFLAG_PAM_FALLBACK_AFTER_KRB5;
+	}
+
 	if (ctrl & WINBIND_CACHED_LOGIN) {
 		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling cached login flag\n"); 
 		request.flags |= WBFLAG_PAM_CACHED_LOGIN;