In the kadmin protocol, make the access controls for
get_strings/set_string mirror those of get_principal/modify_principal.
Previously, anyone with global list privileges could get or modify
string attributes on any principal. The impact of this depends on how
generous the kadmind acl is with list permission and whether string
attributes are used in a deployment (nothing in the core code uses
CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C
Commit By: ghudson