[krb5-auth-dialog] Don't consider credentials renewable unless the renew_till time is later than the current expiry

[Guido Günther <guidog src gnome org>]

commit 6fe2410819a2c0e2810065a34430e0e9c638cede
Author: Matthew L. Dailey <matthew l dailey dartmouth edu>
Date:   Sun May 16 16:35:48 2010 +0200

    Don't consider credentials renewable unless the renew_till time is later than the current expiry

 src/ka-dialog.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/src/ka-dialog.c b/src/ka-dialog.c
index f8d0fea..e72266b 100644
--- a/src/ka-dialog.c
+++ b/src/ka-dialog.c
@@ -223,8 +223,12 @@ credentials_expiring_real (KaApplet* applet)
 	    (now + ka_applet_get_pw_prompt_secs(applet) > my_creds.times.endtime))
 		retval = TRUE;
 
-	/* If our creds are expiring, determine whether they are renewable */
-	if (retval && get_cred_renewable(&my_creds) && my_creds.times.renew_till > now) {
+	/* If our creds are expiring, determine whether they are renewable.
+	 * If the expiry is already at the renew_till time, don't consider
+	 * credentials renewable */
+	if (retval && get_cred_renewable(&my_creds)
+	    && my_creds.times.renew_till > now
+	    && my_creds.times.renew_till > creds_expiry) {
 		ka_applet_set_tgt_renewable(applet, TRUE);
 	}