RHEL-78199

sssd does not acquire Kerberos ticket when initially logging in offline

    • Bug
    • Resolution: Unresolved
    • rhel-10.0.beta
    • sssd
    • rhel-sst-idm-sssd
    • ssg_idm
    • Red Hat Enterprise Linux

      A RHEL-10 Beta host being offline at the login point will not acquire a Kerberos ticket when getting online after login.  The krb5_store_password_if_offline setting is enabled in sssd.conf.

      The expected behavior is that running kinit should not be needed after the host gets online after login, but this happens automatically.  This worked fine on RHEL-7 and RHEL-8.

      Please provide the package NVR for which the bug is seen:

      $ rpm -qa sssd* krb* | sort
      krb5-libs-1.21.3-2.el10.x86_64
      krb5-pkinit-1.21.3-2.el10.x86_64
      krb5-workstation-1.21.3-2.el10.x86_64
      sssd-2.10.0~beta2-3.el10.x86_64
      sssd-ad-2.10.0~beta2-3.el10.x86_64
      sssd-client-2.10.0~beta2-3.el10.x86_64
      sssd-common-2.10.0~beta2-3.el10.x86_64
      sssd-common-pac-2.10.0~beta2-3.el10.x86_64
      sssd-dbus-2.10.0~beta2-3.el10.x86_64
      sssd-idp-2.10.0~beta2-3.el10.x86_64
      sssd-ipa-2.10.0~beta2-3.el10.x86_64
      sssd-kcm-2.10.0~beta2-3.el10.x86_64
      sssd-krb5-2.10.0~beta2-3.el10.x86_64
      sssd-krb5-common-2.10.0~beta2-3.el10.x86_64
      sssd-ldap-2.10.0~beta2-3.el10.x86_64
      sssd-nfs-idmap-2.10.0~beta2-3.el10.x86_64
      sssd-passkey-2.10.0~beta2-3.el10.x86_64
      sssd-proxy-2.10.0~beta2-3.el10.x86_64
      sssd-tools-2.10.0~beta2-3.el10.x86_64 

      How reproducible is this bug?: Always

      Steps to reproduce

      1. Boot a RHEL-10 Beta host which is enrolled into an IPA domain, ensure the host is offline after boot.
      2. Log in using an IPA account.
      3. Make the host connect to the network where the IPA server(s) are available.
      4. Check klist

      Expected results

      A Kerberos ticket being issued for the session soon after the host becomes online after host login.

      Actual results

      Need to manually retrieve a Kerberos ticket using kinit.  Locking the screen and unlocking it after becoming online also works.

              Alexey Tikhonov (atikhono@redhat.com)
              David Sommerseth (dsommers)
              SSSD Maintainers
              SSSD QE
              Louise McGarry
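
A triage helper for step 4 of the reproduction, as an added example that is not part of the original report: it confirms that krb5_store_password_if_offline is actually set for the domain, then combines SSSD's online status with `klist -s` for the user into one verdict. The domain name, user name, verdict labels and the sssctl output line it matches are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. Run as root after step 3:
#   sh triage.sh /etc/sssd/sssd.conf ipa.example.test alice
# The domain and user names above are placeholders.

# Print KEY's value from the [domain/DOMAIN] section of an sssd.conf-style file.
sssd_domain_opt() {  # usage: sssd_domain_opt CONF DOMAIN KEY
    awk -v sect="[domain/$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                          # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); in_s = ($0 == sect); next }
        in_s && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                       # last assignment wins
        }
        END { if (val != "") print val }' "$1"
}

# Exit 0 only if the option named in the report is set to true for DOMAIN.
offline_store_enabled() {  # usage: offline_store_enabled CONF DOMAIN
    v=$(sssd_domain_opt "$1" "$2" krb5_store_password_if_offline | tr 'A-Z' 'a-z')
    [ "$v" = true ]
}

# Map the three observations (yes/no each) to a verdict.
verdict() {  # usage: verdict STORE_ENABLED DOMAIN_ONLINE USER_HAS_TGT
    if   [ "$1" != yes ]; then echo "precondition-missing"   # option is off
    elif [ "$2" != yes ]; then echo "still-offline"          # nothing to expect yet
    elif [ "$3" = yes ];  then echo "ticket-acquired"        # expected result
    else                       echo "no-ticket-after-online" # the reported symptom
    fi
}

triage() {  # usage: triage CONF DOMAIN USER
    store=no; online=no; tgt=no
    offline_store_enabled "$1" "$2" && store=yes
    # Assumed sssctl output line: "Online status: Online".
    sssctl domain-status "$2" --online 2>/dev/null |
        grep -q 'Online status: Online' && online=yes
    # klist -s is silent and exits 0 only when a valid ticket is cached;
    # this checks the user's default credential cache.
    runuser -u "$3" -- klist -s 2>/dev/null && tgt=yes
    verdict "$store" "$online" "$tgt"
}

if [ $# -eq 3 ]; then triage "$@"; fi
```

A `no-ticket-after-online` verdict that turns into `ticket-acquired` after a screen lock and unlock matches the behaviour described in the report.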