The security administrator (by default the user ID SYSPRIV) can use this command to modify an entry in the key table.

Any existing entry is assigned a new password. When a new password is assigned the keys of the current session are supplemented by the new one, which means that different versions of the keys can be taken into consideration for the access check. This method also permits interrupt-free operation during the period between the password change in BS2000 and the KDC.

ENTRY-IDENTIFICATION = *STD / *SYSTEM-DEFAULT / <name 1..8>
Identification of the entry which is to be modified.

NEW-IDENTIFICATION = *SAME / *STD / <name 1..8>
New identification to which the entry is to be renamed.

PUBSET = *HOME / <cat-id 1..4>
Catalog ID of the pubset in whose user catalog the keys are modified. During operation the keys of the home pubset are definitive.

ADD-KEY = *NONE / *PASSWORD(...)
Specifies whether keys are to be added.

ADD-KEY = *NONE
No keys are added.

ADD-KEY = *PASSWORD(...)
The keys are generated from a password.

PASSWORD =
Password of the BS2000 system.

PASSWORD = *SECRET-PROMPT(...)
The password is to remain hidden when entered.

KEY-PASSWORD =
Password of the BS2000 system as defined in the KDC.

KEY-PASSWORD = *SECRET
The password is requested in hidden mode.

KEY-PASSWORD = <c-string 1..127 with-low>
Specification of the password.

CONFIRM-PASSWORD = *SECRET / <c-string 1..127 with-low>
Repetition of the password entered in hidden mode.

CONFIRM-PASSWORD = *SECRET
The password is requested in hidden mode.

CONFIRM-PASSWORD = <c-string 1..127 with-low>
Repeated specification of the password.

PASSWORD = <c-string 1..127 with-low>
Password of the BS2000 system as defined in the KDC.

KEY-VERSION = *INCREMENT / <integer 0..2147483647>
Specification of the key version.

KEY-VERSION = *INCREMENT
The highest key version to date is incremented by 1.

REMOVE-KEY =
Specifies whether keys are to be deleted.

REMOVE-KEY = *NONE
No keys are deleted.

REMOVE-KEY = *ALL
All keys are deleted.

REMOVE-KEY = *SELECT(...)
All keys which satisfy all the criteria specified below are deleted.

CREATION-DATE = *ANY / *OBSOLETE / <date>(...) / *TODAY(...) /
*YESTERDAY(...) / <integer –32768..0>(...) / *INTERVAL(...)
Selection of the keys depending on their creation date.

CREATION-DATE = *ANY
Selection takes place regardless of the key creation date.

CREATION-DATE = *OBSOLETE
Selection of all keys except the newest one.

CREATION-DATE = <date>(...) / *TODAY(...) / *YESTERDAY(...)
Selection of all keys with the specified creation date.

TIME = *ANY / <time>
Additional restriction of the selection to the specified time.

CREATION-DATE = <integer –32768..0>(...)
Selection of all keys with the specified creation date.

The creation date is specified relative to the current time and is in the past.

DIMENSION = *DAYS / *HOURS / *MINUTES
Unit and accuracy of the relative time specification.

CREATION-DATE = *INTERVAL(...)
Selection of all keys whose creation date is in the specified period.

FROM =
Start of the period in which the creation date of the keys to be selected is to lie.

FROM = *EARLIEST-EXISTING
The period starts with the creation date of the oldest key.

FROM = <date>(...) / *TODAY(...) / *YESTERDAY(...)
The period starts with the specified date.

TIME = *ANY / <time>
Additional restriction of the start of the period to the specified time.

FROM = <integer –32768..0>(...)
The start of the period is specified relative to the current time and is in the past.

DIMENSION = *DAYS / *HOURS / *MINUTES
Unit and accuracy of the relative time specification.

TO =
End of the period in which the creation date of the keys to be selected should lie.

TO = *LATEST-EXISTING
The period ends with the creation date of the newest key.

TO = <date>(...) / *TODAY(...) / *YESTERDAY(...)
The period ends with the specified date.

TIME = *ANY / <time>
Additional restriction of the end of the period to the specified time.

TO = <integer –32768..0>(...)
The end of the period is specified relative to the current time and is in the past.

DIMENSION = *DAYS / *HOURS / *MINUTES
Unit and accuracy of the relative time specification.

ENCRYPTION-TYPE = *ANY / <composed-name 1..32 with-wild(64)>
Selection of the keys depending on the encryption type.

ENCRYPTION-TYPE = *ANY
Selection takes place regardless of the encryption type.

KEY-VERSION =
Selection of the keys is dependent on the key version.

KEY-VERSION = *ANY
Selection takes place regardless of the key version.

KEY-VERSION = *OBSOLETE
Selection of all keys except the one with the highest key version.

KEY-VERSION = *INTERVAL(...)
Selection of all keys with a version in the specified version range.

FROM = *LOWEST-EXISTING / <integer 0..2147483647>
Selects all keys with at least this version.

TO = *HIGHEST-EXISTING / <integer 0..2147483647>
Selects all keys with at most this version.

KEY-OVERLAP-PERIOD =
Specifies how long keys remain valid after they have been replaced by a key of the same encryption type (ENCRYPTION-TYPE) with a higher key version (KEY-VERSION).
The new remaining validity time has an immediate effect on all the keys stored.

KEY-OVERLAP-PERIOD = *UNCHANGED
The validity of obsolete keys is not modified.

KEY-OVERLAP-PERIOD = *UNLIMITED
Obsolete keys remain valid for an unlimited period.

KEY-OVERLAP-PERIOD = *NO
Obsolete keys are deleted immediately.

KEY-OVERLAP-PERIOD = <integer 0..32767>(...)
Obsolete keys are deleted after the specified period has elapsed.
A key is obsolete if it and the key with the next highest version are both older than the time period specified.

DIMENSION = *MINUTES / *HOURS / *DAYS
Unit and accuracy of the time period specified.

SYSTEM-DEFAULT = *UNCHANGED / *NO / *YES
Specifies whether this entry should be made the system default. If none of the named entries has been declared as the system default, the *STD entry automatically inherits this property. All applications which do not specify a particular entry for the ticket request and decryption use the system default.