pam: use PAM_REINITIALIZE_CRED

Both work fine, PAM_REINITIALIZE_CRED is the more correct choice and is required on Solaris, see sudo bug #642; https://bugzilla.sudo.ws/show_bug.cgi?id=642
Duncaen · Nov 14, 2020 · a1ab056 · a1ab056
1 parent b3e966b
commit a1ab056
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/pam.c b/pam.c
@@ -313,9 +313,9 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
 		warn("pam_set_item(?, PAM_USER, \"%s\"): %s", user,
 		    pam_strerror(pamh, ret));
 
-	ret = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+	ret = pam_setcred(pamh, PAM_REINITIALIZE_CRED);
 	if (ret != PAM_SUCCESS)
-		warn("pam_setcred(?, PAM_ESTABLISH_CRED): %s", pam_strerror(pamh, ret));
+		warn("pam_setcred(?, PAM_REINITIALIZE_CRED): %s", pam_strerror(pamh, ret));
 	else
 		cred = 1;