From b40b30f65857b00c12ec664218ce6d33c27d8efc Mon Sep 17 00:00:00 2001
From: Illyoung Choi <iychoi@email.arizona.edu>
Date: Wed, 23 Oct 2024 12:17:07 -0700
Subject: [PATCH] use original password for dedicated pam api

---
 irods/connection/connection.go | 6 +++---
 irods/types/error.go           | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/irods/connection/connection.go b/irods/connection/connection.go
index 357a007..99b2546 100644
--- a/irods/connection/connection.go
+++ b/irods/connection/connection.go
@@ -119,7 +119,7 @@ func (conn *IRODSConnection) SupportParallelUpload() bool {
 	return conn.serverVersion.HasHigherVersionThan(4, 2, 9)
 }
 
-func (conn *IRODSConnection) requirePAMPassword() bool {
+func (conn *IRODSConnection) requreNewPamAuth() bool {
 	return conn.serverVersion.HasHigherVersionThan(4, 3, 0)
 }
 
@@ -579,7 +579,7 @@ func (conn *IRODSConnection) loginPAMWithPassword() error {
 	authContext := strings.Join([]string{userKV, passwordKV, ttlKV}, ";")
 
 	useDedicatedPAMApi := true
-	if conn.requirePAMPassword() {
+	if conn.requreNewPamAuth() {
 		useDedicatedPAMApi = strings.ContainsAny(pamPassword, ";=") || len(authContext) >= 1024+64
 	}
 
@@ -589,7 +589,7 @@ func (conn *IRODSConnection) loginPAMWithPassword() error {
 	if useDedicatedPAMApi {
 		logger.Debugf("use dedicated PAM api")
 
-		pamAuthRequest := message.NewIRODSMessagePamAuthRequest(conn.account.ProxyUser, pamPassword, ttl)
+		pamAuthRequest := message.NewIRODSMessagePamAuthRequest(conn.account.ProxyUser, conn.account.Password, ttl)
 		pamAuthResponse := message.IRODSMessagePamAuthResponse{}
 		err := conn.RequestAndCheck(pamAuthRequest, &pamAuthResponse, nil)
 		if err != nil {
diff --git a/irods/types/error.go b/irods/types/error.go
index ac03e90..9908872 100644
--- a/irods/types/error.go
+++ b/irods/types/error.go
@@ -117,7 +117,7 @@ func NewAuthError(config *IRODSAccount) error {
 
 // Error returns error message
 func (err *AuthError) Error() string {
-	return fmt.Sprintf("authentication error (auth scheme: %q, username: %q, zone: %q)", err.Config.AuthenticationScheme, err.Config.ClientUser, err.Config.ClientZone)
+	return fmt.Sprintf("authentication error (auth scheme: %q, proxy username: %q, client username: %q, client zone: %q)", err.Config.AuthenticationScheme, err.Config.ProxyUser, err.Config.ClientUser, err.Config.ClientZone)
 }
 
 // Is tests type of error