diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index d5557671d..410f0d5a5 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -125,14 +125,17 @@ miscfiles_read_localization(chfn_t)
 
 logging_send_syslog_msg(chfn_t)
 
-# uses unix_chkpwd for checking passwords
-seutil_dontaudit_search_config(chfn_t)
+seutil_read_file_contexts(chfn_t)
 
 userdom_use_unpriv_users_fds(chfn_t)
 # user generally runs this from their home directory, so do not audit a search
 # on user home dir
 userdom_dontaudit_search_user_home_content(chfn_t)
 
+optional_policy(`
+	nscd_run(chfn_t, chfn_roles)
+')
+
 ########################################
 #
 # Crack local policy