All modifications of principals are done with kadmin.
A principal has several attributes and lifetimes associated with it.
Principals are added, renamed, modified, and deleted with the kadmin commands `add', `rename', `modify', `delete'. Both interactive editing and command line flags can be used (use --help to list the available options).
The fields in the database have different types: attributes, absolute times and relative times.
When doing interactive editing, attributes are listed with `?'.
The attributes are given in a comma (`,') separated list. Attributes are removed from the list by prefixing them with `-'.
    kadmin> modify me
    Max ticket life [1 day]:
    Max renewable life [1 week]:
    Principal expiration time [never]:
    Password expiration time [never]:
    Attributes [disallow-renewable]: requires-pre-auth,-disallow-renewable
    kadmin> get me
    Principal: me@MY.REALM
    [...]
    Attributes: requires-pre-auth
The format for absolute times is any of the following:
    never
    now
    YYYY-mm-dd
    YYYY-mm-dd HH:MM:SS
The format for relative times is any combination of the following:
    N year
    M month
    O day
    P hour
    Q minute
    R second
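The three field types described above can be modelled in a few lines, for example to check a planned change before typing it into kadmin. This is an added example, not kadmin's own parser; the function names are hypothetical, and ignoring surrounding whitespace and the removal of an attribute that is not set are assumptions.

```python
from datetime import datetime

# Units listed above, plus "week", which the sample session shows as a default.
UNITS = ("year", "month", "week", "day", "hour", "minute", "second")

def apply_attribute_edit(current, edit):
    """Apply a comma-separated edit list: 'name' adds, '-name' removes."""
    result = set(current)
    for item in (part.strip() for part in edit.split(",")):
        if not item:
            continue
        if item.startswith("-"):
            result.discard(item[1:])  # assumption: removing an unset attribute is a no-op
        else:
            result.add(item)
    return result

def parse_absolute(text, now=None):
    """Return None for 'never', the clock value for 'now', else a datetime."""
    text = text.strip()
    if text == "never":
        return None
    if text == "now":
        return now or datetime.now()
    for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"not an absolute time: {text!r}")

def parse_relative(text):
    """Return {unit: count} for a combination such as '1 day 12 hour'."""
    tokens = text.split()
    if not tokens or len(tokens) % 2:
        raise ValueError(f"not a relative time: {text!r}")
    parts = {}
    for count, unit in zip(tokens[::2], tokens[1::2]):
        if not count.isdecimal() or unit not in UNITS:
            raise ValueError(f"bad component {count!r} {unit!r} in {text!r}")
        parts[unit] = parts.get(unit, 0) + int(count)
    return parts

if __name__ == "__main__":
    # The edit from the sample session: one attribute added, one removed.
    before = {"disallow-renewable"}
    after = apply_attribute_edit(before, "requires-pre-auth,-disallow-renewable")
    print("Attributes:", ",".join(sorted(after)))
    print("Max renewable life:", parse_relative("1 week"))
    print("Expiration:", parse_absolute("never"))
```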