Because krbtpolicy --set-addr can change any values in the underlying object, and that object is the user object if the uid is specificied, we need to have validation for fields performed during add and mod, even if they are not specified as part of the method call.
attachment freeipa-rcrit-784-krbtpolicy.patch
master: 9cc0754
ipa-2-0: d8a96cc
Metadata Update from @admiyo: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/05
Login to comment on this ticket.