Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 515

Also, if you "kdb5_util purge_mkeys" after those two operations, you get a 
bad error message:

  Purging the follwing master key(s) from K/M@KRBTEST.COM:
  KVNO: 1
  kdb5_util: Invalid argument while updating actkvno data for master 
principal entry

This happens because kdb5_purge_mkeys computes an empty active mkvno and 
krb5_db_fetch_mkey_list rejects it with EINVAL.

This is technically a separate bug, but would be difficult to reproduce if 
the update_princ_encryption bug is fixed, so I'm noting it here.