Give keyring-maint write access to keyFingerPrint
However, make an exception for supplementaryGid=adm users for security
reasons (wouldn't want keyring-maint to be able to takeover a root
account).
The ACL gives writes to a non-existing group; this should be created,
e.g.
cn=Keyring Maintainers,ou=users,dc=debian,dc=org
objectClass: top
objectClass: groupOfNames
cn: Keyring Maintainers
member: uid=noodles,ou=users,dc=debian,dc=org
member: uid=gwolf,ou=users,dc=debian,dc=org
Signed-off-by: Peter Palfrader <peter@palfrader.org>