pam: use PAM_REINITIALIZE_CRED

Both work fine, PAM_REINITIALIZE_CRED is the more correct
choice and is required on Solaris, see sudo bug #642;

https://bugzilla.sudo.ws/show_bug.cgi?id=642

diff --git a/pam.c b/pam.c
index 81483800655243219612ccbaf51b39b258b7018d..68294b275451c2e3ee9a88700b413114a261d748 100644 (file)
--- a/pam.c
+++ b/pam.c
@@ -313,9 +313,9 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
                warn("pam_set_item(?, PAM_USER, \"%s\"): %s", user,
                    pam_strerror(pamh, ret));
 
-       ret = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+       ret = pam_setcred(pamh, PAM_REINITIALIZE_CRED);
        if (ret != PAM_SUCCESS)
-               warn("pam_setcred(?, PAM_ESTABLISH_CRED): %s", pam_strerror(pamh, ret));
+               warn("pam_setcred(?, PAM_REINITIALIZE_CRED): %s", pam_strerror(pamh, ret));
        else
                cred = 1;