From b9dadaa81c2d08fc6857442d557a145c45a93b52 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Sep 23 2013 15:00:40 +0000
Subject: krb5: do not expand enterprise principals is offline


Expanding a principle to an enterprise principal only makes sense if
there is a KDC available which can process it. If we are offline the
plain principal should be used, e.g. to create an expired ccache.

Fixes https://fedorahosted.org/sssd/ticket/2060

---

diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index aa72c07..92dec0d 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -155,7 +155,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
             break;
     }
 
-    if (kr->pd->cmd == SSS_CMD_RENEW) {
+    if (kr->pd->cmd == SSS_CMD_RENEW || kr->is_offline) {
         use_enterprise_principal = false;
     } else {
         use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts,