Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_auth.c14
-rw-r--r--src/providers/krb5/krb5_auth.h1
2 files changed, 0 insertions, 15 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 91989df42..148b08fdf 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -186,7 +186,6 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd,
return ENOMEM;
}
kr->is_offline = false;
- kr->run_as_user = true;
talloc_set_destructor((TALLOC_CTX *) kr, krb5_cleanup);
kr->pd = pd;
@@ -699,19 +698,6 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
kr->is_offline = be_is_offline(state->be_ctx);
}
- /* We need to keep the root privileges to read the keytab file if
- * validation or FAST is enabled, otherwise we can drop them and run
- * krb5_child with user privileges.
- * If we are offline we want to create an empty ccache file. In this
- * case we can drop the privileges, too. */
- if ((dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_VALIDATE) ||
- kr->krb5_ctx->use_fast) &&
- (!kr->is_offline)) {
- kr->run_as_user = false;
- } else {
- kr->run_as_user = true;
- }
-
subreq = handle_child_send(state, state->ev, kr);
if (subreq == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n");
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index 00cb658c4..c93252916 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -53,7 +53,6 @@ struct krb5child_req {
struct fo_server *kpasswd_srv;
bool active_ccache;
bool valid_tgt;
- bool run_as_user;
bool upn_from_different_realm;
bool send_pac;
};