diff --git a/doc/apps.texi b/doc/apps.texi index 82ab5d0d0..880f8fc29 100644 --- a/doc/apps.texi +++ b/doc/apps.texi @@ -95,7 +95,7 @@ following. @itemize @bullet @item -Replace all occurencies of @file{krb5_matrix.conf} with +Replace all occurrences of @file{krb5_matrix.conf} with @file{krb5+c2_matrix.conf} in the directions above. @item You must enable ``vouching'' in the @samp{default} database. This will @@ -124,7 +124,7 @@ Also, kerberised ftp will not work with C2 passwords. You can solve this by using both Digital's ftpd and our on different ports. @strong{Remember}, if you do these changes you will get a system that -most certainly does @emph{not} fulfill the requirements of a C2 +most certainly does @emph{not} fulfil the requirements of a C2 system. If C2 is what you want, for instance if someone else is forcing you to use it, you're out of luck. If you use enhanced security because you want a system that is more secure than it would otherwise be, you @@ -153,7 +153,7 @@ the same object format as the program that tries to load it. This might require that you have to configure and build for O32 in addition to the default N32. -Appart from this it should ``just work''; there are no configuration +Apart from this it should ``just work''; there are no configuration files. Note that recent Irix 6.5 versions (at least 6.5.22) have PAM, diff --git a/doc/install.texi b/doc/install.texi index beb2b5b26..f791f16e7 100644 --- a/doc/install.texi +++ b/doc/install.texi @@ -35,7 +35,7 @@ install}. The default location for installation is @file{/usr/heimdal}, but this can be changed by running @code{configure} with @samp{--prefix=/some/other/place}. -If you need to change the default behavior, configure understands the +If you need to change the default behaviour, configure understands the following options: @table @asis diff --git a/doc/setup.texi b/doc/setup.texi index db101480c..e1ce32928 100644 --- a/doc/setup.texi +++ b/doc/setup.texi @@ -386,7 +386,7 @@ You might need to add @samp{kpasswd} to your @file{/etc/services} as It is important that users have good passwords, both to make it harder to guess them and to avoid off-line attacks (although -pre-authentication provides some defense against off-line attacks). +pre-authentication provides some defence against off-line attacks). To ensure that the users choose good passwords, you can enable password quality controls in @command{kpasswdd} and @command{kadmind}. The controls themselves are done in a shared library or an external @@ -405,7 +405,7 @@ In @samp{[password_quality]policies} the module name is optional if the policy name is unique in all modules (members of @samp{policy_libraries}). -The builtin polices are +The built-in polices are @itemize @bullet @@ -590,9 +590,9 @@ slave# /usr/heimdal/libexec/ipropd-slave master & @section Salting @cindex Salting -Salting is used to make it harder to precalculate all possible +Salting is used to make it harder to pre-calculate all possible keys. Using a salt increases the search space to make it almost -impossible to precalculate all keys. Salting is the process of mixing a +impossible to pre-calculate all keys. Salting is the process of mixing a public string (the salt) with the password, then sending it through an encryption type specific string-to-key function that will output the fixed size encryption key. @@ -800,7 +800,7 @@ RFC-2782 (A DNS RR for specifying the location of services (DNS SRV)). @subsection Using DNS to map hostname to Kerberos realm Heimdal also supports a way to lookup a realm from a hostname. This to -minimize configuration needed on clients. Using this has the drawback +minimise configuration needed on clients. Using this has the drawback that clients can be redirected by an attacker to realms within the same cross realm trust and made to believe they are talking to the right server (since Kerberos authentication will succeed). @@ -826,7 +826,7 @@ Heimdal. Note that before attempting to configure such an installation, you should be aware of the implications of storing private information (such as users' keys) in a directory service primarily designed for public information. Nonetheless, with a -suitable authorization policy, it is possible to set this up in a +suitable authorisation policy, it is possible to set this up in a secure fashion. A knowledge of LDAP, Kerberos, and C is necessary to install this backend. The HDB schema was devised by Leif Johansson. @@ -922,7 +922,7 @@ directory to have the raw keys inside it. @item Once you have built Heimdal and started the LDAP server, run kadmin -(as usual) to initialize the database. Note that the instructions for +(as usual) to initialise the database. Note that the instructions for stashing a master key are as per any Heimdal installation. @example @@ -975,7 +975,7 @@ index krb5PrincipalName eq @c @node Using Samba LDAP password database, Providing Kerberos credentials to servers and programs, Using LDAP to store the database, Setting up a realm @c @section Using Samba LDAP password database -The Samba domain and the Kerberos realm can have diffrent names since +The Samba domain and the Kerberos realm can have different names since arcfour's string to key functions principal/realm independent. So now will be your first and only chance name your Kerberos realm without needing to deal with old configuration files. diff --git a/doc/whatis.texi b/doc/whatis.texi index 622289ba6..39a144be1 100644 --- a/doc/whatis.texi +++ b/doc/whatis.texi @@ -121,7 +121,7 @@ attack. her credentials, @var{C} just pretend to verify them. @var{C} can't be sure that she is talking to @var{A}. -@section Defense strategies +@section Defence strategies It would be possible to add a @dfn{replay cache} @cindex replay cache