From a1ab056bccfe66d4f03b96e3f83168a3732e56f4 Mon Sep 17 00:00:00 2001
From: Duncan Overbruck <mail@duncano.de>
Date: Sat, 14 Nov 2020 16:28:27 +0100
Subject: [PATCH] pam: use PAM_REINITIALIZE_CRED

Both work fine, PAM_REINITIALIZE_CRED is the more correct
choice and is required on Solaris, see sudo bug #642;

https://bugzilla.sudo.ws/show_bug.cgi?id=642
---
 pam.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pam.c b/pam.c
index 8148380..68294b2 100644
--- a/pam.c
+++ b/pam.c
@@ -313,9 +313,9 @@ pamauth(const char *user, const char *myname, int interactive, int nopass, int p
 		warn("pam_set_item(?, PAM_USER, \"%s\"): %s", user,
 		    pam_strerror(pamh, ret));
 
-	ret = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+	ret = pam_setcred(pamh, PAM_REINITIALIZE_CRED);
 	if (ret != PAM_SUCCESS)
-		warn("pam_setcred(?, PAM_ESTABLISH_CRED): %s", pam_strerror(pamh, ret));
+		warn("pam_setcred(?, PAM_REINITIALIZE_CRED): %s", pam_strerror(pamh, ret));
 	else
 		cred = 1;
 
-- 
2.39.2