KRB$ADMIN_HELP.HLB  —  MODIFY  PRINCIPAL
      principal_name

      The MODIFY PRINCIPAL command is used to modify a principal entry.

1  –  Qualifiers

2    /POLICY 

        /POLICY[=policy]
        /[NO]POLICY

        Specifies the policy for the modified principal.  If the negated
        for of this qualifier is used then the modified principal will
        have any associated policy removed.

3    /EXPIRATION 

        /EXPIRATION=date-time

        Specifies the expiration for the modified principal.

4    /PWD_EXPIRATION 

        /PWD_EXPIRATION=date-time

        Specifies the expiration for the modified principal's password.

5    /TICKET_LIFETIME 

        /TICKET_LIFETIME=(field [,...])

        Specifies the ticket lifetime for the modified principal.

5.1  –  Fields 

        MAX:delta-time

        Specifies the maximum ticket lifetime for the modified principal.

6    /RENEWAL_LIFETIME 

        /RENEWAL_LIFETIME=(field [,...])

        Specifies the ticket renewal lifetime for the modified principal.

6.1  –  Fields 

        MAX:delta-time

        Specifies the maximum ticket renewal lifetime for the modified
        principal.

7    /KEY_VERSION 

        /KEY_VERSION=number

        Specifies the key version number associated with the modified
        principal.  This value must be in the range of 0 through 255.

8    /ATTRIBUTES 

        /ATTRIBUTES=([NO]attrname[,...])

        Specifies the attributes associated with the modified principal.

        Keyword               Description

        DISALLOW_POSTDATED    Disallows postdated tickets for this
                              principal.
        DISALLOW_FORWARDABLE  Disallows forwardable tickets for this
                              principal.
        DISALLOW_TGT_BASED    Disallows Ticket-Granting-Service based
                              issuances for this server.
        DISALLOW_RENEWABLE    Disallows renewable tickets for this
                              principal.
        DISALLOW_PROXIABLE    Disallows proxiable tickets for this
                              principal.
        DISALLOW_DUP_SKEY     Disallows duplicate SKEY for this
                              principal.
        DISALLOW_ALL_TIX      Disallows all tickets for this principal.
                              The client or server is locked out.
        REQUIRES_PRE_AUTH     Pre-Authentication is required for this
                              principal.
        REQUIRES_HW_AUTH      Hardware Pre-Authentication is required for
                              this principal.
        REQUIRES_PWCHANGE     Password change is required for this
                              principal.
        DISALLOW_SVR          Disallows service on this server.
        PWCHANGE_SERVICE      The server provides password changing
                              service.
        SUPPORT_DESMD5        RSA-MD5 with DES cbc mode is supported by
                              this principal.

9  –  Examples 

      KerberosAdmin> Modify Principal TestPrincipal -
      _KerberosAdmin> /Attribute=DISALLOW_FORWARDABLE

      Requests that the TestPrincipal be modified such that forwardable
      tickets are disallowed.
Close Help