Errata

Kerberos: The Definitive Guide

Errata for Kerberos: The Definitive Guide

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted By Date submitted Date corrected
Printed
Page 7
last paragraph, 2nd to last line

Errol Young
should be:
Eric Young

 Anonymous   
Printed
Page 19
Just before 'Kerberos 5 prinicals' heading

service.hostanem@REALM
should be
service.hostname@REALM

 Anonymous   
Printed
Page 24
5th paragraph

"Since the Needham and Schroeder protocol"
should read
"Since the Needham-Schroeder protocol"

to be consistent with the rest of this section (i.e. "Needham and Schroeder" is use
when mentioning the individuals, but "Needham-Schroeder" is used for referring to the
protocol itself.

The same error is present on page 25, paragraph 2, line 5, where "The Needham and
Schroeder protocol" should read "The Needham-Schroeder protocol".

 Anonymous   
Printed
Page 25
last paragraph, line 2

The line as printed reads:

"...sends the authentication server a message containing the its own identity and the..."
The second word "the" should be omitted, so it reads
"...sends the authentication server a message containing its own identity and the..."

 Anonymous   
Printed
Page 27
2nd paragraph of the locked box inset

identiacal
should be:
identical

Anonymous   
Printed
Page 29
Caption on figure 3-5

'reply attack' should read 'replay attack'

 Anonymous   
Printed
Page 67
last sentence on page

"since the Kerberos libraries will be smart enough to figure those
out on its own"
should be
"... on their own"

 Anonymous   
Printed
Page 91
Top of page

Another tool that can be helpful is the Kerberized telnet daemon. It has rather
verbose output so that errors can be readily gleamed from the messages it prints when
connecting.

NOW READS:
'gleaned'

 Anonymous    Oct 01, 2003
Printed
Page 111
In Chapter 6, in the page 111 footnote,

the URL is broken:
http://theory.stanford.edu/~tjw/krbpass.html

NOW READS:
http://citeseer.nj.nec.com/418833.html

 Anonymous    Oct 01, 2003
Printed
Page 115
1st paragraph in the section entitled "Heimdal", 4th line

"in 30 day's time"
should read
"in 30 days' time"
(mis-placed apostrophe)

 Anonymous   
Printed
Page 129
Paragraph entitled "Logon Auditing"

line 5: "severs" should be "servers"

 Anonymous   
Printed
Page 138
6th line on page

"change to a client application does support Kerberos"
should read
"change to a client application that does support Kerberos"

 Anonymous   
Printed
Page 142
lines 2-3 on page

"such as a PAM module to check if the potential users' shell,
located in /etc/shells"

should probably read

"such as a PAM module to check if the potential user's shell is
listed in /etc/shells"

 Anonymous   
Printed
Page 142
line 15

password required /lib/security/pam_cracklib.so retry=3 type=
should be:
password required /lib/security/pam_cracklib.so retry=3

 Anonymous   
Printed
Page 146
3rd paragraph

"Simple and Protected GSSAPI Protection Mechanism"
Should be
"Simple and Protected GSSAPI Negotiation Mechanism".

 Anonymous   
Printed
Page 150
9th line from bottom

"om which" should be "of which"

 Anonymous   
Printed
Page 150
4th line from bottom

"gleamed" should read "gleaned"

 Anonymous   
Printed
Page 156
3rd paragraph, sentence

".. placed in a keytab that can be read by the OpenLDAP server, slurpd"
should be:
".. placed in a keytab that can be read by the OpenLDAP server, slapd"

 Anonymous   
Printed
Page 179
3rd paragraph

It concerns the ktpass command example.

W2K.WEDGIE.ORG was choosen as the realm. wedgie.org is the domain.

the listen command is:

ktpass -out unixhost.keytab -princ host/unix.wedgie.org@WEDGIE.ORG

it should be:

ktpass -out unixhost.keytab -princ host/unix.wedgie.org@W2K.WEDGIE.ORG

 Anonymous   
Printed
Page 213
3rd paragraph

"to carry out an attach on a smart card"
should be
"to carry out an attack on a smart card"

 Anonymous   
Printed
Page 233
In Appendix A, on page 233,

the first item in the list under the text para was
"disallow-postdataed"

NOW READS:
"disallow-postdated"

 Anonymous    Oct 01, 2003
Printed
Page 253
index entry

Young, Errol, 7
should be:
Young, Eric, 7

 Anonymous