RHEL-59876

EL9/CentOS Stream 9 lost offline smart card authentication

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • rhel-9.5.z
    • rhel-9.5
    • sssd
    • sssd-2.9.5-4.el9_5.1
    • ZStream, 0day
    • sst_idm_sssd
    • ssg_idm

      Cloned from https://github.com/SSSD/sssd/issues/7532
      ```
      We are starting to run into some issues with offline smart card authentication on EL9/CS9 systems. Currently I have a CS9 laptop on which, when I brought it home, I could no longer log in: I get a "Please (re)insert (different) smartcard" message.

      ...

      Here's the difference:

      1. ldbsearch -H /var/lib/sss/db/cache_nwra.com.ldb name=orion@ad.nwra.com | grep -Fi auth
        asq: Unable to register control with rootdse!
        localPasskeyAuth: FALSE
        lastOnlineAuth: 1722860790
        lastOnlineAuthWithCurrentToken: 1722860790
        localSmartcardAuth: FALSE

      On the working system localSmartcardAuth is TRUE. Why would that be different?
      ```

      From sbose@redhat.com :
      ```
      If there is no Smartcard inserted and a different authentication method is used, the localSmartcardAuth attribute is set to FALSE. The reason is that, even if the KDC indicates that Smartcard-based authentication (pkinit) is possible, the pkinit plugin calls our callback only if a Smartcard or similar is present.

      So we either have to find a way to see if the KDC offers pkinit, or we should not overwrite localSmartcardAuth unconditionally.
      ```
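      The following triage script is an added example and is not code from the SSSD project, the reporter, or the maintainer comment above. It reads the `ldbsearch` dump of a cached user entry on stdin (the cache file name and the `name=` filter in the usage comment are taken from the report and are assumptions for other hosts) and reports, from the `localSmartcardAuth` and `lastOnlineAuth` attributes discussed in this issue, whether offline Smartcard logon can be expected. The age of `lastOnlineAuth` is printed only for orientation; the verdict rests on `localSmartcardAuth` alone.

```sh
#!/bin/sh
# Added triage helper; not part of SSSD or of the original report. It reads an
# ldbsearch dump of a cached user entry on stdin and reports whether the cache
# still allows offline Smartcard logon, based only on the localSmartcardAuth
# and lastOnlineAuth attributes discussed in this issue.
#
# Real-world use (cache file and user are assumptions taken from the report):
#   ldbsearch -H /var/lib/sss/db/cache_nwra.com.ldb name=orion@ad.nwra.com \
#       | sc_offline_check
#
# Exit status: 0 = localSmartcardAuth is TRUE, offline Smartcard logon expected
#              1 = localSmartcardAuth is FALSE (the state seen in this issue)
#              2 = attribute not present in the input (no entry, wrong filter)

sc_offline_check() {
    sc_flag=""
    last_online=""
    # ldbsearch prints one "attribute: value" line per attribute; the
    # "asq: Unable to register control" warning and unrelated attributes
    # fall through the case statement and are ignored.
    while IFS= read -r line; do
        case "$line" in
            localSmartcardAuth:*) sc_flag=${line#*: } ;;
            lastOnlineAuth:*)     last_online=${line#*: } ;;
        esac
    done

    # Informational only: how long ago the last online authentication happened.
    case "$last_online" in
        ''|*[!0-9]*) ;;
        *)
            age=$(( $(date +%s) - last_online ))
            printf 'lastOnlineAuth=%s (about %s hours ago)\n' \
                "$last_online" $((age / 3600)) ;;
    esac

    case "$sc_flag" in
        TRUE)
            printf 'localSmartcardAuth=TRUE: offline Smartcard logon should work\n'
            return 0 ;;
        FALSE)
            printf '%s\n' 'localSmartcardAuth=FALSE: the last online logon was done without a Smartcard, so SSSD will not offer offline Smartcard logon (see the maintainer explanation in this issue)'
            return 1 ;;
        *)
            printf 'localSmartcardAuth not found in input: check the cache path and the name= filter\n' >&2
            return 2 ;;
    esac
}

# Constructed sample, copied from the values quoted in this issue; running the
# script stand-alone shows the failing case.
sample='asq: Unable to register control with rootdse!
localPasskeyAuth: FALSE
lastOnlineAuth: 1722860790
lastOnlineAuthWithCurrentToken: 1722860790
localSmartcardAuth: FALSE'

printf '%s\n' "$sample" | sc_offline_check || printf 'result code: %s\n' "$?"
```

      Because the function reads the dump rather than the database directly, it can be run on a copy of the cache file taken from an affected laptop, or on output pasted from a ticket, without `ldbsearch` being installed on the analysis machine.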

            Alexey Tikhonov (atikhono@redhat.com)
            Sumit Bose
            Scott Poore
            Louise McGarry