nss_domain attribute patch 3, Miroslav Grepl

This commit is contained in:
Chris PeBenito 2012-07-10 08:43:38 -04:00
parent 330b13a4a2
commit b35c647481

View File

@ -5,6 +5,14 @@ policy_module(authlogin, 2.3.1)
# Declarations
#
## <desc>
## <p>
## Allow users to resolve user passwd entries directly from ldap rather then using a sssd server
## </p>
## </desc>
gen_tunable(authlogin_nsswitch_use_ldap, false)
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
attribute can_relabelto_shadow_passwords;
@ -407,17 +415,23 @@ files_list_var_lib(nsswitch_domain)
# read /etc/nsswitch.conf
files_read_etc_files(nsswitch_domain)
miscfiles_read_generic_certs(nsswitch_domain)
sysnet_dns_name_resolve(nsswitch_domain)
sysnet_use_ldap(nsswitch_domain)
optional_policy(`
avahi_stream_connect(nsswitch_domain)
tunable_policy(`authlogin_nsswitch_use_ldap',`
files_list_var_lib(nsswitch_domain)
miscfiles_read_generic_certs(nsswitch_domain)
sysnet_use_ldap(nsswitch_domain)
')
optional_policy(`
ldap_stream_connect(nsswitch_domain)
tunable_policy(`authlogin_nsswitch_use_ldap',`
ldap_stream_connect(nsswitch_domain)
')
')
optional_policy(`
avahi_stream_connect(nsswitch_domain)
')
optional_policy(`