7 files changed, 12 insertions, 6 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 1edf447fc..707e14786 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -698,6 +698,7 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
  * in this case a transaction will be automatically started and the
  * function will be completely wrapped in it's own sysdb transaction */
 int sysdb_cache_password(struct sysdb_ctx *sysdb,
+                         struct sss_domain_info *domain,
                          const char *username,
                          const char *password);
 
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index b8682608c..3da1d74bb 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1945,6 +1945,7 @@ int sysdb_remove_group_member(struct sysdb_ctx *sysdb,
 /* =Password-Caching====================================================== */
 
 int sysdb_cache_password(struct sysdb_ctx *sysdb,
+                         struct sss_domain_info *domain,
                          const char *username,
                          const char *password)
 {
@@ -1988,7 +1989,7 @@ int sysdb_cache_password(struct sysdb_ctx *sysdb,
     if (ret) goto fail;
 
 
-    ret = sysdb_set_user_attr(sysdb, sysdb->domain,
+    ret = sysdb_set_user_attr(sysdb, domain,
                               username, attrs, SYSDB_MOD_REP);
     if (ret) {
         goto fail;
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 00f5c3392..b49556877 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -380,7 +380,9 @@ static errno_t krb5_auth_prepare_ccache_file(struct krb5child_req *kr,
     return EOK;
 }
 
-static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, struct pam_data *pd)
+static void krb5_auth_store_creds(struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  struct pam_data *pd)
 {
     const char *password = NULL;
     int ret = EOK;
@@ -417,7 +419,7 @@ static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, struct pam_data *pd)
         return;
     }
 
-    ret = sysdb_cache_password(sysdb, pd->user, password);
+    ret = sysdb_cache_password(sysdb, domain, pd->user, password);
     if (ret) {
         DEBUG(2, ("Failed to cache password, offline auth may not work."
                   " (%d)[%s]!?\n", ret, strerror(ret)));
@@ -1090,7 +1092,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
     }
 
     if (state->be_ctx->domain->cache_credentials == TRUE) {
-        krb5_auth_store_creds(state->sysdb, pd);
+        krb5_auth_store_creds(state->sysdb, state->domain, pd);
     }
 
     state->pam_status = PAM_SUCCESS;
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index cffdf088e..aa07fbb8f 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -1157,6 +1157,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
         ret = sss_authtok_get_password(&state->pd->authtok, &password, NULL);
         if (ret == EOK) {
             ret = sysdb_cache_password(state->breq->be_ctx->sysdb,
+                                       state->breq->be_ctx->domain,
                                        state->pd->user, password);
         }
 
diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c
index 3430f38b2..d4167c1fd 100644
--- a/src/providers/proxy/proxy_auth.c
+++ b/src/providers/proxy/proxy_auth.c
@@ -758,6 +758,7 @@ static void proxy_child_done(struct tevent_req *req)
         }
 
         ret = sysdb_cache_password(client_ctx->be_req->be_ctx->sysdb,
+                                   client_ctx->be_req->be_ctx->domain,
                                    pd->user, password);
 
         /* password caching failures are not fatal errors */
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index e63aa77a3..dace35095 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -1551,7 +1551,7 @@ START_TEST (test_sysdb_cache_password)
     data->ev = test_ctx->ev;
     data->username = talloc_asprintf(data, "testuser%d", _i);
 
-    ret = sysdb_cache_password(test_ctx->sysdb,
+    ret = sysdb_cache_password(test_ctx->sysdb, test_ctx->domain,
                                data->username, data->username);
 
     fail_unless(ret == EOK, "sysdb_cache_password request failed [%d].", ret);
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c
index 5e4504e0a..846a44723 100644
--- a/src/tools/sss_seed.c
+++ b/src/tools/sss_seed.c
@@ -752,7 +752,7 @@ static int seed_cache_user(struct seed_ctx *sctx)
         }
     }
 
-    ret = sysdb_cache_password(sctx->sysdb, sctx->uctx->name,
+    ret = sysdb_cache_password(sctx->sysdb, sctx->domain, sctx->uctx->name,
                                sctx->uctx->password);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, ("Failed to cache password. (%d)[%s]\n",