From 5cf668b1ff48119a5b7674e8c16cb96e2fe6d327 Mon Sep 17 00:00:00 2001
From: Dan Fandrich <danf@mageia.org>
Date: Tue, 15 Oct 2024 17:25:38 -0700
Subject: Uninstall nss_updatedb

This needs some configuration or it generates an error e-mail every
hour, as it did on duvel. It might be useful to configure one day to
provide access to machines even if the LDAP server goes down.
---
 modules/pam/manifests/base.pp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/pam/manifests/base.pp b/modules/pam/manifests/base.pp
index 20a4d336..e29c8555 100644
--- a/modules/pam/manifests/base.pp
+++ b/modules/pam/manifests/base.pp
@@ -1,8 +1,13 @@
 class pam::base {
     include pam::multiple_ldap_access
-    package { ['nscd']: }
+    package { ['nscd', 'nss-pam-ldapd']: }
 
-    package { ['nss-pam-ldapd']: }
+    # This needs configuration or it generates an error every hour.
+    # If it's ever enabled, make sure restrict permissions on
+    # /var/db/passwd.db and /var/db/group.db at the same time.
+    package { 'nss_updatedb':
+        ensure => 'absent',
+    }
 
     service { 'nscd':
         require => Package['nscd'],
-- 
cgit v1.2.1