KRB5: Remove unnecessary call to become_user()

By the time that the create_ccache_in_dir() routine is called, we are
already guaranteed to have dropped privileges. This has either happened
because we dropped them before the exec() in the normal operation case
or because we dropped them explicitly after we completed the TGT
validation step if that or FAST is configured.

1 files changed, 0 insertions, 6 deletions

diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 8fce600fe..3fd12fec3 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -722,12 +722,6 @@ create_ccache_in_dir(uid_t uid, gid_t gid,
         return EIO;
     }
 
-    kerr = become_user(uid, gid);
-    if (kerr != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE, ("become_user failed.\n"));
-        goto done;
-    }
-
     if (dirname[0] == ':') {
         /* Cache name in the form of DIR::filepath represents a single
          * ccache in a collection that we are trying to reuse.