3 files changed, 11 insertions, 7 deletions

diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index f00db39b45..4d019072ac 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1201,6 +1201,7 @@ static int winbind_auth_request(pam_handle_t * pamh,
 	request.data.auth.uid = -1;
 
 	request.flags = WBFLAG_PAM_INFO3_TEXT |
+			WBFLAG_PAM_GET_PWD_POLICY |
 			WBFLAG_PAM_CONTACT_TRUSTDOM;
 
 	if (ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) {
diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h
index 5b663c63f7..12ca1e55c8 100644
--- a/source3/nsswitch/winbind_struct_protocol.h
+++ b/source3/nsswitch/winbind_struct_protocol.h
@@ -194,7 +194,7 @@ typedef struct winbindd_gr {
 #define WBFLAG_PAM_KRB5			0x00001000
 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5	0x00002000
 #define WBFLAG_PAM_CACHED_LOGIN		0x00004000
-#define WBFLAG_PAM_GET_PWD_POLICY	0x00008000	/* not used */
+#define WBFLAG_PAM_GET_PWD_POLICY	0x00008000
 
 /* generic request flags */
 #define WBFLAG_QUERY_ONLY		0x00000020	/* not used */
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 5133239258..7a9014a82f 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1593,13 +1593,16 @@ process_result:
 			}
 		}
 
-		result = fillup_password_policy(domain, state);
 
-		if (!NT_STATUS_IS_OK(result) 
-		    && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) 
-		{
-			DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
-			goto done;
+		if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
+			result = fillup_password_policy(domain, state);
+
+			if (!NT_STATUS_IS_OK(result) 
+			    && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) 
+			{
+				DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
+				goto done;
+			}
 		}
 
 		result = NT_STATUS_OK;