Kerberos: The Definitive Guide by Jason Garman This errata page lists errors outstanding in the most recent printing. If you have technical questions or error reports, you can send them to booktech@oreilly.com. Please specify the printing date of your copy. This page was updated April 18, 2007. Here's a key to the markup: [page-number]: serious technical mistake {page-number}: minor technical mistake : important language/formatting problem (page-number): language change or minor formatting problem ?page-number?: reader question or request for clarification Confirmed errors: {7} last paragraph, 2nd to last line; Errol Young should be: Eric Young (19) Just before 'Kerberos 5 prinicals' heading; service.hostanem@REALM should be service.hostname@REALM (24) 5th paragraph; "Since the Needham and Schroeder protocol" should read "Since the Needham-Schroeder protocol" to be consistent with the rest of this section (i.e. "Needham and Schroeder" is use when mentioning the individuals, but "Needham-Schroeder" is used for referring to the protocol itself. The same error is present on page 25, paragraph 2, line 5, where "The Needham and Schroeder protocol" should read "The Needham-Schroeder protocol". (25) last paragraph, line 2; The line as printed reads: "...sends the authentication server a message containing the its own identity and the..." The second word "the" should be omitted, so it reads "...sends the authentication server a message containing its own identity and the..." (27) 2nd paragraph of the locked box inset; identiacal should be: identical (29) Caption on figure 3-5; 'reply attack' should read 'replay attack' (67) last sentence on page; "since the Kerberos libraries will be smart enough to figure those out on its own" should be "... on their own" (115) 1st paragraph in the section entitled "Heimdal", 4th line; "in 30 day's time" should read "in 30 days' time" (mis-placed apostrophe) (129) Paragraph entitled "Logon Auditing"; line 5: "severs" should be "servers" (138) 6th line on page; "change to a client application does support Kerberos" should read "change to a client application that does support Kerberos" (142) lines 2-3 on page; "such as a PAM module to check if the potential users' shell, located in /etc/shells" should probably read "such as a PAM module to check if the potential user's shell is listed in /etc/shells" (142) line 15 password required /lib/security/pam_cracklib.so retry=3 type= should be: password required /lib/security/pam_cracklib.so retry=3 (146) 3rd paragraph "Simple and Protected GSSAPI Protection Mechanism" Should be "Simple and Protected GSSAPI Negotiation Mechanism". (150) 9th line from bottom; "om which" should be "of which" (150) 4th line from bottom; "gleamed" should read "gleaned" [156] 3rd paragraph, sentence ; ".. placed in a keytab that can be read by the OpenLDAP server, slurpd" should be: ".. placed in a keytab that can be read by the OpenLDAP server, slapd" {179} 3rd paragraph; It concerns the ktpass command example. W2K.WEDGIE.ORG was choosen as the realm. wedgie.org is the domain. the listen command is: ktpass -out unixhost.keytab -princ host/unix.wedgie.org@WEDGIE.ORG it should be: ktpass -out unixhost.keytab -princ host/unix.wedgie.org@W2K.WEDGIE.ORG (213) 3rd paragraph; "to carry out an attach on a smart card" should be "to carry out an attack on a smart card" {253} index entry; Young, Errol, 7 should be: Young, Eric, 7