The host administrator privilege lacks the ability to manage certificates so a host with a certificate cannot be removed.
To test:
I'm guessing that the minimum permissions required are 'revoke certificate' and 'Retrieve Certificates from the CA'
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=955699
master: 4cff518
ipa-3-1: 89f65dd
Metadata Update from @rcritten: - Issue assigned to akrivoka - Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)
Login to comment on this ticket.