The MODIFY command is used to modify password, policy, or principal
data.
1 – PASSWORD
principal_name
The MODIFY PASSWORD command is used to modify a principal's
password.
1.1 – Qualifiers
1.2 /PASSWORD
/PASSWORD=password
Specifies the password for the specified principal.
1.3 /RANDOM
/RANDOM
Specifies the random key generation for the specified principal.
1.4 – Examples
KerberosAdmin> Modify Password TestAccount /Password=NewPassword
Requests that the TestAccount password be changed to NewPassword.
2 – POLICY
policy_name
The MODIFY POLICY command is used to modify a password policy
entry.
2.1 – Qualifiers
2.2 /LIFETIME
/LIFETIME=(field [,...])
Specifies the password lifetime for the modified policy.
2.2.1 – Fields
MAX:delta-time
Specifies the maximum password lifetime for the modified policy.
MIN:delta-time
Specifies the minimum password lifetime for the modified policy.
2.3 /LENGTH
/LENGTH=(field [,...])
Specifies the password length for the modified policy.
2.3.1 – Fields
MIN:n
Specifies the minimum password length for the modified policy.
2.4 /CLASSES
/CLASSES=(field [,...])
Specifies the minimum password classes for the modified policy.
2.4.1 – Fields
MIN:n
Specifies the minimum password length for the modified policy.
2.5 /HISTORY
/HISTORY=(field [,...])
Specifies the password history for the modified policy.
2.5.1 – Fields
MIN:n
Specifies the minimum password history for the modified policy.
2.6 – Examples
KerberosAdmin> Modify Policy TestPolicy /Max_Pwd_Lifetime=30-00:00:00
Requests that the maximum password lifetime of TestPolicy be set to
30 days.
3 – PRINCIPAL
principal_name
The MODIFY PRINCIPAL command is used to modify a principal entry.
3.1 – Qualifiers
3.2 /POLICY
/POLICY[=policy]
/[NO]POLICY
Specifies the policy for the modified principal. If the negated
for of this qualifier is used then the modified principal will
have any associated policy removed.
3.3 /EXPIRATION
/EXPIRATION=date-time
Specifies the expiration for the modified principal.
3.4 /PWD_EXPIRATION
/PWD_EXPIRATION=date-time
Specifies the expiration for the modified principal's password.
3.5 /TICKET_LIFETIME
/TICKET_LIFETIME=(field [,...])
Specifies the ticket lifetime for the modified principal.
3.5.1 – Fields
MAX:delta-time
Specifies the maximum ticket lifetime for the modified principal.
3.6 /RENEWAL_LIFETIME
/RENEWAL_LIFETIME=(field [,...])
Specifies the ticket renewal lifetime for the modified principal.
3.6.1 – Fields
MAX:delta-time
Specifies the maximum ticket renewal lifetime for the modified
principal.
3.7 /KEY_VERSION
/KEY_VERSION=number
Specifies the key version number associated with the modified
principal. This value must be in the range of 0 through 255.
3.8 /ATTRIBUTES
/ATTRIBUTES=([NO]attrname[,...])
Specifies the attributes associated with the modified principal.
Keyword Description
DISALLOW_POSTDATED Disallows postdated tickets for this
principal.
DISALLOW_FORWARDABLE Disallows forwardable tickets for this
principal.
DISALLOW_TGT_BASED Disallows Ticket-Granting-Service based
issuances for this server.
DISALLOW_RENEWABLE Disallows renewable tickets for this
principal.
DISALLOW_PROXIABLE Disallows proxiable tickets for this
principal.
DISALLOW_DUP_SKEY Disallows duplicate SKEY for this
principal.
DISALLOW_ALL_TIX Disallows all tickets for this principal.
The client or server is locked out.
REQUIRES_PRE_AUTH Pre-Authentication is required for this
principal.
REQUIRES_HW_AUTH Hardware Pre-Authentication is required for
this principal.
REQUIRES_PWCHANGE Password change is required for this
principal.
DISALLOW_SVR Disallows service on this server.
PWCHANGE_SERVICE The server provides password changing
service.
SUPPORT_DESMD5 RSA-MD5 with DES cbc mode is supported by
this principal.
3.9 – Examples
KerberosAdmin> Modify Principal TestPrincipal -
_KerberosAdmin> /Attribute=DISALLOW_FORWARDABLE
Requests that the TestPrincipal be modified such that forwardable
tickets are disallowed.