[SSSD] [sssd PR#328][opened] KRB5: Return invalid credentials internally when attempting to renew an expired TGT

URL: https://github.com/SSSD/sssd/pull/328 Author: jhrozek Title: #328: KRB5: Return invalid credentials internally when attempting to renew an expired TGT Action: opened PR body: """ Since 1.14.2 and in particular commit d3348f49260998880bb7cd3b2fb72d562b1b7a64 we return ERR_NETWORK_IO for any krb5_child operations that receive KRB5KRB_AP_ERR_TKT_EXPIRED from libkrb5. However, when the action that krb5_child performs is ticket renewal and the ticket is totally expired, this can send the SSSD into offline mode. Instead, this patch converts the KRB5KRB_AP_ERR_TKT_EXPIRED code into sssd-internal ERR_CREDS_EXPIRED which map_krb5_error() won't map anymore. The effect on the deamon is that just the single renewal fails, but the failover code is not called and therefore sssd doesn't switch into offline mode. Resolves: https://pagure.io/SSSD/sssd/issue/3406 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/328/head:pr328 git checkout pr328