Since the Primary Key - whether simple or composite - essentially "is" the
EJB, any attempt to change it is effectively deleting the old EJB and creating a new one.
I haven't checked the spec to see if it's explicitly forbidden to change the primary key fields, but from a practical point of view, it's almost certainly safer to actually remove and create. Just make sure that the operation is wrapped in a transaction (for example, done through a session EJB) in order to ensure that the operation is atomic.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.