From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 16 Feb 2011 07:00:53 +0100
Subject: [refpolicy] [PATCH 3/34]: patch to use pam instead of nsswitch in
 the usermanage module
Message-ID: <1297836053.3205.32.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch allows to use pam instead of nsswitch in
policy/modules/admin/usermanage.te.

--- refpolicy-git-02022011-test-apply/policy/modules/admin/usermanage.te	2011-02-07 00:35:04.530712150 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/admin/usermanage.te	2011-02-07 00:38:27.175347975 +0100
@@ -88,9 +88,7 @@ fs_search_auto_mountpoints(chfn_t)
 # for SSP
 dev_read_urand(chfn_t)
 
-auth_domtrans_chk_passwd(chfn_t)
-auth_dontaudit_read_shadow(chfn_t)
-auth_use_nsswitch(chfn_t)
+auth_use_pam(chfn_t)
 
 # allow checking if a shell is executable
 corecmd_check_exec_shell(chfn_t)
@@ -294,11 +292,10 @@ selinux_compute_user_contexts(passwd_t)
 
 term_use_all_terms(passwd_t)
 
-auth_domtrans_chk_passwd(passwd_t)
 auth_manage_shadow(passwd_t)
 auth_relabel_shadow(passwd_t)
 auth_etc_filetrans_shadow(passwd_t)
-auth_use_nsswitch(passwd_t)
+auth_use_pam(passwd_t)
 
 # allow checking if a shell is executable
 corecmd_check_exec_shell(passwd_t)