
Modifying the database

le photograveur edited this page Jun 10, 2023 · 2 revisions

All modifications of principals are done with kadmin.

A principal has several attributes and lifetimes associated with it.

Principals are added, renamed, modified, and deleted with the kadmin commands add, rename, modify, and delete. Both interactive editing and command line flags can be used (use --help to list the available options).

The fields in the database come in three kinds: attributes, absolute times, and relative times.

Attributes

When doing interactive editing, attributes are listed with ?.

The attributes are given in a comma-separated (,) list. Attributes are removed from the list by prefixing them with a hyphen (-).

kadmin> modify me
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes [disallow-renewable]: requires-pre-auth,-disallow-renewable
kadmin> get me
            Principal: me@MY.REALM
[...]
           Attributes: requires-pre-auth

Absolute times

The format for absolute times is any of the following:

never
now
YYYY-mm-dd
YYYY-mm-dd HH:MM:SS

Relative times

The format for relative times is any of the following, combined:

N year
M month
O day
P hour
Q minute
R second
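
An added example, not part of the original page or of kadmin itself: a small Python model of the three input formats above, useful for checking a planned change (for instance, that requires-pre-auth stays set) before entering it at the kadmin prompt. The lengths of a year and a month, plural unit names, UTC, midnight for date-only values, and the missing_required policy helper are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta, timezone

# Unit names are the ones the page lists, plus "week" from its sample prompt.
# Assumptions of this sketch: 365-day year, 30-day month, optional plural "s".
UNITS = {"year": 365 * 86400, "month": 30 * 86400, "week": 7 * 86400,
         "day": 86400, "hour": 3600, "minute": 60, "second": 1}
PAIR = re.compile(r"(\d+)\s*([a-z]+)")

def apply_attributes(current, edit):
    """Apply a comma-separated edit; a leading '-' removes that attribute."""
    result = set(current)
    for item in (part.strip() for part in edit.split(",")):
        if item.startswith("-"):
            result.discard(item[1:])
        elif item:
            result.add(item)
    return result

def missing_required(attrs, required=("requires-pre-auth",)):
    """Attributes a (hypothetical) site policy expects but the edit leaves unset."""
    return sorted(set(required) - set(attrs))

def parse_relative(text):
    """Sum combined 'N unit' terms such as '1 day 12 hour' into a timedelta."""
    text = text.strip().lower()
    if not text or PAIR.sub("", text).strip():
        raise ValueError(f"not a relative time: {text!r}")
    total = 0
    for count, unit in PAIR.findall(text):
        if unit not in UNITS and unit.endswith("s"):
            unit = unit[:-1]
        if unit not in UNITS:
            raise ValueError(f"unknown unit: {unit!r}")
        total += int(count) * UNITS[unit]
    return timedelta(seconds=total)

def parse_absolute(text, now=None):
    """Return None for 'never', else a datetime (UTC; date-only means 00:00:00)."""
    text = text.strip()
    if text == "never":
        return None
    if text == "now":
        return now or datetime.now(timezone.utc)
    for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"not an absolute time: {text!r}")
```

Feeding it the edit from the session above, apply_attributes({"disallow-renewable"}, "requires-pre-auth,-disallow-renewable") returns the single attribute requires-pre-auth that get me shows.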