Next: , Previous: Creating the database, Up: Setting up a realm


4.3 Modifying the database

All modifications of principals are done with with kadmin.

A principal has several attributes and lifetimes associated with it.

Principals are added, renamed, modified, and deleted with the kadmin commands `add', `rename', `modify', `delete'. Both interactive editing and command line flags can be used (use –help to list the available options).

There are different kinds of types for the fields in the database; attributes, absolute time times and relative times.

4.3.1 Attributes

When doing interactive editing, attributes are listed with `?'.

The attributes are given in a comma (`,') separated list. Attributes are removed from the list by prefixing them with `-'.

     kadmin> modify me
     Max ticket life [1 day]:
     Max renewable life [1 week]:
     Principal expiration time [never]:
     Password expiration time [never]:
     Attributes [disallow-renewable]: requires-pre-auth,-disallow-renewable
     kadmin> get me
                 Principal: me@MY.REALM
     [...]
                Attributes: requires-pre-auth

4.3.2 Absolute times

The format for absolute times are any of the following:

     never
     now
     YYYY-mm-dd
     YYYY-mm-dd HH:MM:SS

4.3.3 Relative times

The format for relative times are any of the following combined:

     N year
     M month
     O day
     P hour
     Q minute
     R second