In the kadmin protocol, make the access controls for get_strings/set_string mirror those of get_principal/modify_principal. Previously, anyone with global list privileges could get or modify string attributes on any principal. The impact of this depends on how generous the kadmind acl is with list permission and whether string attributes are used in a deployment (nothing in the core code uses them yet).

CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C

https://github.com/krb5/krb5/commit/e31c182a5ddbdf21490d18fe308a50d82a7d7453

Commit By: ghudson
Revision: 25704
Changed Files:
U trunk/src/kadmin/server/server_stubs.c
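
An added audit sketch, not part of the commit or of the krb5 code base: it scans a kadm5.acl for entries that grant list (`l`) globally without inquire (`i`) or modify (`m`), which are the principals that could reach string attributes before this change. Assumptions: the kadm5.acl permission letters as documented by MIT krb5 (`x` and `*` expand to `admcilsp`, an uppercase letter removes a permission), get_principal and modify_principal map to inquire and modify, an entry with no target or target `*` counts as global, each line is judged on its own, and the sample file and function names are constructed for illustration.

```python
ALL_ADMIN = "admcilsp"  # assumed expansion of 'x' and '*' in kadm5.acl

# Constructed sample ACL; principals and realm are placeholders.
SAMPLE_ACL = """\
# constructed sample
*/admin@EXAMPLE.COM     *
helpdesk@EXAMPLE.COM    l
auditor@EXAMPLE.COM     li
ops@EXAMPLE.COM         lm   *
joe@EXAMPLE.COM         xL
svc@EXAMPLE.COM         cl   */host@EXAMPLE.COM
"""


def granted(perms):
    """Apply permission letters left to right: lowercase grants, uppercase revokes."""
    have = set()
    for ch in perms:
        letters = ALL_ADMIN if ch in "x*" else ch.lower()
        if ch.isupper():
            have -= set(letters)
        else:
            have |= set(letters)
    return have


def audit(lines):
    """Return (line_no, principal, operations) for global-list entries that
    lack the privilege the fixed kadmind requires for each operation."""
    findings = []
    for n, raw in enumerate(lines, 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        princ, perms = fields[0], fields[1]
        target = fields[2] if len(fields) > 2 else "*"
        have = granted(perms)
        if "l" not in have or target != "*":
            continue  # no global list privilege on this line
        exposed = [op for op, need in (("get_strings", "i"), ("set_string", "m"))
                   if need not in have]
        if exposed:
            findings.append((n, princ, exposed))
    return findings


if __name__ == "__main__":
    for n, princ, ops in audit(SAMPLE_ACL.splitlines()):
        print(f"line {n}: {princ} had {', '.join(ops)} via list only")
```

Entries it reports are the ones whose effective access shrinks once the fixed kadmind is deployed, so they are also the ones to review if string attributes were in use beforehand.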