diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 2742509..8c3897a 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
-policy_module(usermanage,1.3.4)
+policy_module(usermanage,1.3.5)
 ########################################
 #
@@ -240,6 +240,7 @@ miscfiles_read_localization(groupadd_t)
 auth_manage_shadow(groupadd_t)
 auth_relabel_shadow(groupadd_t)
+auth_etc_filetrans_shadow(groupadd_t)
 auth_rw_lastlog(groupadd_t)
 auth_use_nsswitch(groupadd_t)
@@ -314,6 +315,7 @@ term_use_all_user_ptys(passwd_t)
 auth_manage_shadow(passwd_t)
 auth_relabel_shadow(passwd_t)
+auth_etc_filetrans_shadow(passwd_t)
 # allow checking if a shell is executable
 corecmd_check_exec_shell(passwd_t)
@@ -403,6 +405,7 @@ term_use_all_user_ptys(sysadm_passwd_t)
 auth_manage_shadow(sysadm_passwd_t)
 auth_relabel_shadow(sysadm_passwd_t)
+auth_etc_filetrans_shadow(sysadm_passwd_t)
 # allow checking if a shell is executable
 corecmd_check_exec_shell(sysadm_passwd_t)
@@ -480,6 +483,7 @@ term_use_all_user_ptys(useradd_t)
 auth_manage_shadow(useradd_t)
 auth_relabel_shadow(useradd_t)
+auth_etc_filetrans_shadow(useradd_t)
 auth_rw_lastlog(useradd_t)
 auth_use_nsswitch(useradd_t)
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 137b5f1..98cbbc7 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -1,5 +1,5 @@
-policy_module(nis,1.1.1)
+policy_module(nis,1.1.2)
 ########################################
 #
@@ -193,6 +193,7 @@ term_dontaudit_use_console(yppasswdd_t)
 auth_manage_shadow(yppasswdd_t)
 auth_relabel_shadow(yppasswdd_t)
+auth_etc_filetrans_shadow(yppasswdd_t)
 corecmd_exec_bin(yppasswdd_t)
 corecmd_exec_shell(yppasswdd_t)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index dddd366..4c4e40b 100644
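Review bot: `auth_etc_filetrans_shadow(groupadd_t)` is inserted after `auth_relabel_shadow(groupadd_t)`, which breaks the alphabetical order the surrounding auth_ calls follow (manage, relabel, rw_lastlog, use_nsswitch); the same placement is used in the passwd_t, sysadm_passwd_t and useradd_t hunks of this file and in the yppasswdd_t hunk of nis.te. Moving the new call above `auth_manage_shadow(...)` in each of the five hunks keeps the groups sorted and makes it easy to see at a glance which shadow-writing domains also get the /etc transition. Since the transition used to come with auth_manage_shadow(), a sorted list is also the quickest way to spot a caller that has the manage call but is missing the filetrans one.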
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -413,13 +413,29 @@ interface(`auth_manage_shadow',`
 ')
 allow $1 shadow_t:file create_file_perms;
- files_etc_filetrans($1,shadow_t,file)
-
 typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
 ')
 #######################################
 ##
+## Automatic transition to shadow from etc.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`auth_etc_filetrans_shadow',`
+ gen_require(`
+ type shadow_t;
+ ')
+
+ files_etc_filetrans($1,shadow_t,file)
+')
+
+#######################################
+##
 ## Relabel to the shadow
 ## password file type.
 ##
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index ee05883..5bcf97f 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
-policy_module(authlogin,1.3.3)
+policy_module(authlogin,1.3.4)
 ########################################
 #
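Review bot: Dropping `files_etc_filetrans($1,shadow_t,file)` from auth_manage_shadow() silently changes every existing caller that is not updated in this diff: a domain that still only calls auth_manage_shadow() keeps create permission on shadow_t but any new file it writes into /etc will now be labeled etc_t, so a freshly written password file copy would be readable by every domain allowed to read etc_t. The hunks in this diff add the new interface only for groupadd_t, passwd_t, sysadm_passwd_t, useradd_t and yppasswdd_t; the other callers of auth_manage_shadow() across the policy should be checked before this is merged. The new interface's summary also needs to state that contract, since "Automatic transition to shadow from etc." does not say that no file permission is granted; suggested text: `##	Type transition to shadow_t for files the domain creates in /etc. Grants no permissions on shadow_t; pair with auth_manage_shadow().` The enclosing auth_manage_shadow() definition starts before this hunk.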