From 22f71be4e3a7dc1a84e20350dd540be6124df6b5 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Fri, 16 Aug 2013 13:03:07 +0200
Subject: [PATCH] The kerberos_keytab_template() template is deprecated: Breaks monolithic built (out-of-scope)

This keytab functionality should be re-evaluated because it does not make sense in its current implementation

Signed-off-by: Dominick Grift
---
 policy/modules/services/ssh.te | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index eada65c0d..568c33557 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -74,6 +74,9 @@ typealias ssh_home_t alias { home_ssh_t user_ssh_home_t user_home_ssh_t staff_ho
 typealias ssh_home_t alias { auditadm_home_ssh_t secadm_home_ssh_t };
 userdom_user_home_content(ssh_home_t)
 
+type sshd_keytab_t;
+files_type(sshd_keytab_t)
+
 ##############################
 #
 # SSH client local policy
@@ -224,6 +227,8 @@ optional_policy(`
 allow sshd_t self:netlink_route_socket r_netlink_socket_perms;
 allow sshd_t self:key { search link write };
 
+allow sshd_t sshd_keytab_t:file read_file_perms;
+
 manage_dirs_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
 manage_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
 manage_sock_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
@@ -261,7 +266,8 @@ optional_policy(`
 ')
 
 optional_policy(`
- kerberos_keytab_template(sshd, sshd_t)
+ kerberos_read_keytab(sshd_t)
+ kerberos_use(sshd_t)
 ')
 
 optional_policy(`
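Review bot: `sshd_keytab_t` is declared with `files_type()` in the first hunk, but the diffstat shows only ssh.te changing, so no file-context entry assigns the label. The `allow sshd_t sshd_keytab_t:file read_file_perms;` rule in the second hunk therefore covers a type nothing carries unless an administrator relabels a keytab by hand. A keytab holds long-term service keys, so check whether the generic `files_type()` attribute lets broad read-all-files domains reach it, and whether `files_security_file(sshd_keytab_t)` would fit better if this tree provides that interface. At minimum, add a comment above the declaration, e.g. `# Presumably kept from the deprecated kerberos_keytab_template(); no file context assigns this type by default.`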
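Review bot: In the third hunk, `kerberos_read_keytab(sshd_t)` lets sshd_t read the shared Kerberos keytab type in addition to the service-specific `sshd_keytab_t` allowed in the second hunk, so the per-service type no longer narrows which key material the daemon can open. The deprecated template may already have granted both (its body is not visible here), but the new code should say which keytab sshd is meant to use, e.g. `# sshd reads the host keytab for GSSAPI authentication (confirm); sshd_keytab_t covers locally relabelled keytabs only.` The `sshd_keytab_t` allow rule is also unconditional while these calls sit inside an optional block; moving it into the same block would keep all keytab access together and absent when Kerberos is not built.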