In kadmind, when a principal performs a self-service key change (randkey or 
chpass), we look up the principal's policy and check the minimum password 
lifetime.  This check currently fails if the policy does not exist, which 
contradicts the intent of #7385.  We should relax check_min_life() to 
succeed if kadm5_get_policy() returns KADM5_UNK_POLICY.

Reported by John Devitofranceschi.