diff -r -u a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
--- a/source3/winbindd/winbindd_cred_cache.c	2012-07-30 18:13:16.000000000 +0100
+++ b/source3/winbindd/winbindd_cred_cache.c	2012-08-16 14:06:15.000000000 +0100
@@ -490,6 +490,7 @@
 			    const char *ccname,
 			    const char *service,
 			    const char *username,
+			    const char *pass,
 			    const char *realm,
 			    uid_t uid,
 			    time_t create_time,
@@ -591,6 +592,19 @@
 			}
 
 			DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n"));
+	
+			/*
+			 * If we're set up to renew our krb5 tickets, we must
+			 * cache the credentials in memory for the ticket
+			 * renew function. Fix inspired by patch from
+			 * Ian Gordon <ian.gordon@strath.ac.uk> for
+			 * bugid #9098.
+			 */
+
+			ntret = winbindd_add_memory_creds(username, uid, pass);
+			DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+				nt_errstr(ntret)));
+
 		}
 
 		return NT_STATUS_OK;
@@ -675,6 +689,18 @@
 		"added ccache [%s] for user [%s] to the list\n",
 		ccname, username));
 
+	/*
+	 * If we're set up to renew our krb5 tickets, we must
+	 * cache the credentials in memory for the ticket
+	 * renew function. Fix inspired by patch from
+	 * Ian Gordon <ian.gordon@strath.ac.uk> for
+	 * bugid #9098.
+	 */
+
+	ntret = winbindd_add_memory_creds(username, uid, pass);
+	DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+		nt_errstr(ntret)));
+
 	return NT_STATUS_OK;
 
  no_mem:
diff -r -u a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
--- a/source3/winbindd/winbindd_pam.c	2012-07-30 18:13:16.000000000 +0100
+++ b/source3/winbindd/winbindd_pam.c	2012-08-16 14:05:27.000000000 +0100
@@ -640,6 +640,7 @@
 					    cc,
 					    service,
 					    user,
+					    pass,
 					    realm,
 					    uid,
 					    time(NULL),
@@ -957,6 +958,7 @@
 							    cc,
 							    service,
 							    state->request->data.auth.user,
+							    state->request->data.auth.pass,
 							    domain->alt_name,
 							    uid,
 							    time(NULL),
@@ -2105,6 +2107,13 @@
 		goto process_result;
 	}
 
+	/*
+	 * Remove any mlock'ed memory creds in the child
+	 * we might be using for krb5 ticket renewal.
+	 */
+
+	winbindd_delete_memory_creds(state->request->data.logoff.user);
+
 #else
 	result = NT_STATUS_NOT_SUPPORTED;
 #endif
diff -r -u a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
--- a/source3/winbindd/winbindd_proto.h	2012-07-30 18:13:16.000000000 +0100
+++ b/source3/winbindd/winbindd_proto.h	2012-08-16 14:05:27.000000000 +0100
@@ -188,6 +188,7 @@
 			    const char *ccname,
 			    const char *service,
 			    const char *username,
+			    const char *password,
 			    const char *realm,
 			    uid_t uid,
 			    time_t create_time,