Hello,

The attached unified diff against the krb5-1.2.6 source tree fixes a bug
in kadmin where a principal changing his own key cannot specify a list
of supported enctypes (while principals changing other principals' keys
can do so).

To see the bug, configure more than one supported enctype in the KDC,
and create a test principal, and then run "kadmin -p <testprinc>".  In
kadmin, try "cpw [-randkey] -e des-cbc-crc:normal <testprinc>".  Then
"getprinc <testprinc>" shows that the list was not honored.

This patch fixes the problem my extending the server-side
{chpass,randkey}_principal_wrapper functions to take the keepold,
n_ks_tuple and ks_tuple arguments common to the
kadm5_{chpass,randkey}_principal_3 functions.

The attached patch has been tested with MIT Kerberos 5 version 1.2.6 on
Linux RedHat 7.3, but should pose no portability issues.

-- Ben