It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals. This update provides a fixed configuration for new deployments, for existing setups, the NEWS file shipped in this update provides advice to fix the configuration.