diff --git a/0001-Use-different-attribute-for-cached-passwords-change.patch b/0001-Use-different-attribute-for-cached-passwords-change.patch
new file mode 100644
index 0000000..63bf379
--- /dev/null
+++ b/0001-Use-different-attribute-for-cached-passwords-change.patch
@@ -0,0 +1,34 @@
+From 11d01e05e08a9acf11af9aea96910b4795627082 Mon Sep 17 00:00:00 2001
+From: Sumit Bose
+Date: Tue, 28 Apr 2009 10:20:55 +0200
+Subject: [PATCH] Use different attribute for cached passwords change time
+
+---
+ server/responder/pam/pamsrv_cache.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
+index 5e492a5..302f70c 100644
+--- a/server/responder/pam/pamsrv_cache.c
++++ b/server/responder/pam/pamsrv_cache.c
+@@ -153,7 +153,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
+ if (ret) goto done;
+
+ /* FIXME: should we use a different attribute for chache passwords ?? */
+- ret = sysdb_attrs_add_long(ctx->attrs, "lastPasswordChange",
++ ret = sysdb_attrs_add_long(ctx->attrs, "lastCachedPasswordChange",
+ (long)time(NULL));
+ if (ret) goto done;
+
+@@ -256,7 +256,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
+ SYSDB_CACHEDPWD,
+ SYSDB_DISABLED,
+ SYSDB_LAST_LOGIN,
+- "lastPasswordChange",
++ "lastCachedPasswordChange",
+ "accountExpires",
+ "failedLoginAttempts",
+ "lastFailedLogin",
+--
+1.6.0.6
+
diff --git a/0001-Use-different-attribute-for-cached-passwords.patch b/0001-Use-different-attribute-for-cached-passwords.patch
new file mode 100644
index 0000000..9fb3246
--- /dev/null
+++ b/0001-Use-different-attribute-for-cached-passwords.patch
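Review bot: The FIXME kept as context in the `pam_cache_credentials` hunk of `pamsrv_cache.c` asks whether a separate attribute should be used, which is exactly what this patch now does, so the comment is stale and should be dropped or replaced with one that says what the timestamp records. The new attribute name is also written as a bare string literal in two places (the `sysdb_attrs_add_long` call and the `attrs[]` list in the `pam_cache_auth` hunk), while the hash itself goes through `SYSDB_CACHEDPWD`; a typo at either site would still compile and the lookup would silently miss the value that was written. Consider a define next to `SYSDB_CACHEDPWD` in `sysdb.h`, for example `#define SYSDB_CACHEDPWD_CHANGE "lastCachedPasswordChange"` (the macro name is only a suggestion), used at both sites. Both functions continue outside the hunks shown, so how the timestamp is consumed cannot be judged from here.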
@@ -0,0 +1,61 @@
+From c4f46b40e2f55abd9ae2296fd68daa88bd60e32f Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Mon, 27 Apr 2009 18:21:25 -0400
+Subject: [PATCH] Use different attribute for cached passwords
+
+This fixes a bug with legacy backends where the cached password would be cleared
+on a user update.
+Using a different attribute we make sure a userPassword coming from the remote
+backend does not interfere with a cachedPassword (and vice versa).
+---
+ server/db/sysdb.h | 2 ++
+ server/responder/pam/pamsrv_cache.c | 6 +++---
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/server/db/sysdb.h b/server/db/sysdb.h
+index df49bc7..7bfe1fd 100644
+--- a/server/db/sysdb.h
++++ b/server/db/sysdb.h
+@@ -63,6 +63,8 @@
+
+ #define SYSDB_LAST_UPDATE "lastUpdate"
+
++#define SYSDB_CACHEDPWD "cachedPassword"
++
+ #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
+
+ #define SYSDB_UC "objectclass="SYSDB_USER_CLASS
+diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
+index 10f4199..154c7d1 100644
+--- a/server/responder/pam/pamsrv_cache.c
++++ b/server/responder/pam/pamsrv_cache.c
+@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
+ goto done;
+ }
+
+- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
++ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
+ if (ret) goto done;
+
+ /* FIXME: should we use a different attribute for chache passwords ?? */
+@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
+ goto done;
+ }
+
+- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
++ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
+ if (userhash == NULL || *userhash == '\0') {
+ DEBUG(4, ("Cached credentials not available.\n"));
+ ret = PAM_AUTHINFO_UNAVAIL;
+@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
+ int ret;
+
+ static const char *attrs[] = {SYSDB_NAME,
+- SYSDB_PWD,
++ SYSDB_CACHEDPWD,
+ SYSDB_DISABLED,
+ SYSDB_LAST_LOGIN,
+ "lastPasswordChange",
+--
+1.6.0.6
+
diff --git a/sssd.spec b/sssd.spec
index e3019d8..97ba2c4 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -1,6 +1,6 @@
 Name: sssd
 Version: 0.3.3
-Release: 0%{?dist}
+Release: 1%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
@@ -13,6 +13,8 @@ Source1: sssd.conf.default
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 ### Patches ###
+Patch1: 0001-Use-different-attribute-for-cached-passwords.patch
+Patch2: 0001-Use-different-attribute-for-cached-passwords-change.patch
 ### Dependencies ###
@@ -51,6 +53,8 @@ services for projects like FreeIPA.
 %prep
 %setup -q
+%patch1 -p 1 -b .pwd-attr
+%patch2 -p 1 -b .pwd-cache-attr
 %build
@@ -139,6 +143,9 @@ if [ $1 -ge 1 ] ; then
 fi
 %changelog
+* Tue Apr 28 2009 Simo Sorce - 0.3.3-1
+- Add patches to fix password caching
+
 * Mon Apr 27 2009 Simo Sorce - 0.3.3-0
 - Version 0.3.3
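Review bot: In `0001-Use-different-attribute-for-cached-passwords.patch`, once `pam_cache_auth_callback` reads `SYSDB_CACHEDPWD`, a hash that an earlier build stored under `SYSDB_PWD` is no longer consulted, so offline authentication returns `PAM_AUTHINFO_UNAVAIL` for those users until `pam_cache_credentials` has run again for them. Nothing in the visible hunks removes the old value either, so a previously cached hash may remain in the `SYSDB_PWD` attribute unless a backend update overwrites it; whether other code clears it cannot be seen from here. If this is intended, say so at the lookup, e.g. `/* Hashes cached under SYSDB_PWD by older versions are deliberately ignored; only SYSDB_CACHEDPWD is used for offline auth. */`. The enclosing functions start and end outside the hunks.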