From 3cdd91112eb9045e65a294384a6d08d0cc6f0d36 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 3 May 2006 15:19:31 +0000 Subject: r15417: Don't use cached credentials when changing passwords. Guenther (This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff) --- source3/nsswitch/pam_winbind.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index a91129a805..3b42e404a4 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -242,8 +242,9 @@ static int pam_winbind_request(pam_handle_t * pamh, int ctrl, /* Copy reply data from socket */ if (response->result != WINBINDD_OK) { if (response->data.auth.pam_error != PAM_SUCCESS) { - _pam_log(LOG_ERR, "request failed: %s, PAM error was %d, NT error was %s", + _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s", response->data.auth.error_string, + pam_strerror(pamh, response->data.auth.pam_error), response->data.auth.pam_error, response->data.auth.nt_status_string); return response->data.auth.pam_error; @@ -1150,6 +1151,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_chauthtok"); + /* clearing offline bit for the auth in the password change */ + ctrl &= ~WINBIND_CACHED_LOGIN; + /* * First get the name of a user */ -- cgit