KRB$ADMIN_HELP.HLB  —  MODIFY
      The MODIFY command is used to modify password, policy, or principal
      data.

1  –  PASSWORD

      principal_name

      The MODIFY PASSWORD command is used to modify a principal's
      password.

1.1  –  Qualifiers

1.2    /PASSWORD

        /PASSWORD=password

        Specifies the password for the specified principal.

1.3    /RANDOM

        /RANDOM

        Specifies the random key generation for the specified principal.

1.4  –  Examples

      KerberosAdmin> Modify Password TestAccount /Password=NewPassword

      Requests that the TestAccount password be changed to NewPassword.

2  –  POLICY

      policy_name

      The MODIFY POLICY command is used to modify a password policy
      entry.

2.1  –  Qualifiers

2.2    /LIFETIME

        /LIFETIME=(field [,...])

        Specifies the password lifetime for the modified policy.

2.2.1  –  Fields

        MAX:delta-time

        Specifies the maximum password lifetime for the modified policy.

        MIN:delta-time

        Specifies the minimum password lifetime for the modified policy.

2.3    /LENGTH

        /LENGTH=(field [,...])

        Specifies the password length for the modified policy.

2.3.1  –  Fields

        MIN:n

        Specifies the minimum password length for the modified policy.

2.4    /CLASSES

        /CLASSES=(field [,...])

        Specifies the minimum password classes for the modified policy.

2.4.1  –  Fields

        MIN:n

        Specifies the minimum password length for the modified policy.

2.5    /HISTORY

        /HISTORY=(field [,...])

        Specifies the password history for the modified policy.

2.5.1  –  Fields

        MIN:n

        Specifies the minimum password history for the modified policy.

2.6  –  Examples

      KerberosAdmin> Modify Policy TestPolicy /Max_Pwd_Lifetime=30-00:00:00

      Requests that the maximum password lifetime of TestPolicy be set to
      30 days.

3  –  PRINCIPAL

      principal_name

      The MODIFY PRINCIPAL command is used to modify a principal entry.

3.1  –  Qualifiers

3.2    /POLICY

        /POLICY[=policy]
        /[NO]POLICY

        Specifies the policy for the modified principal.  If the negated
        for of this qualifier is used then the modified principal will
        have any associated policy removed.

3.3    /EXPIRATION

        /EXPIRATION=date-time

        Specifies the expiration for the modified principal.

3.4    /PWD_EXPIRATION

        /PWD_EXPIRATION=date-time

        Specifies the expiration for the modified principal's password.

3.5    /TICKET_LIFETIME

        /TICKET_LIFETIME=(field [,...])

        Specifies the ticket lifetime for the modified principal.

3.5.1  –  Fields

        MAX:delta-time

        Specifies the maximum ticket lifetime for the modified principal.

3.6    /RENEWAL_LIFETIME

        /RENEWAL_LIFETIME=(field [,...])

        Specifies the ticket renewal lifetime for the modified principal.

3.6.1  –  Fields

        MAX:delta-time

        Specifies the maximum ticket renewal lifetime for the modified
        principal.

3.7    /KEY_VERSION

        /KEY_VERSION=number

        Specifies the key version number associated with the modified
        principal.  This value must be in the range of 0 through 255.

3.8    /ATTRIBUTES

        /ATTRIBUTES=([NO]attrname[,...])

        Specifies the attributes associated with the modified principal.

        Keyword               Description

        DISALLOW_POSTDATED    Disallows postdated tickets for this
                              principal.
        DISALLOW_FORWARDABLE  Disallows forwardable tickets for this
                              principal.
        DISALLOW_TGT_BASED    Disallows Ticket-Granting-Service based
                              issuances for this server.
        DISALLOW_RENEWABLE    Disallows renewable tickets for this
                              principal.
        DISALLOW_PROXIABLE    Disallows proxiable tickets for this
                              principal.
        DISALLOW_DUP_SKEY     Disallows duplicate SKEY for this
                              principal.
        DISALLOW_ALL_TIX      Disallows all tickets for this principal.
                              The client or server is locked out.
        REQUIRES_PRE_AUTH     Pre-Authentication is required for this
                              principal.
        REQUIRES_HW_AUTH      Hardware Pre-Authentication is required for
                              this principal.
        REQUIRES_PWCHANGE     Password change is required for this
                              principal.
        DISALLOW_SVR          Disallows service on this server.
        PWCHANGE_SERVICE      The server provides password changing
                              service.
        SUPPORT_DESMD5        RSA-MD5 with DES cbc mode is supported by
                              this principal.

3.9  –  Examples

      KerberosAdmin> Modify Principal TestPrincipal -
      _KerberosAdmin> /Attribute=DISALLOW_FORWARDABLE

      Requests that the TestPrincipal be modified such that forwardable
      tickets are disallowed.
Close Help