Fix some typos.

doc/setup.texi

@@ -108,7 +108,7 @@ SRV-record for your realm, or your Kerberos server has DNS CNAME
 
 @cindex KRB5_CONFIG
 If you want to use a different configuration file then the default you
-can point a file with the enviroment variable @samp{KRB5_CONFIG}.
+can point a file with the environment variable @samp{KRB5_CONFIG}.
 
 @example
 env KRB5_CONFIG=$HOME/etc/krb5.conf kinit user@@REALM
@@ -1295,21 +1295,21 @@ the mapping in the principals entry in the kerberos database.
 
 This and following subsection documents the requirements on the KDC
 and client certificates and the format used in the id-pkinit-san
-OtherName extention.
+OtherName extension.
 
 On how to create certificates, you should read @ref{Use OpenSSL to
 create certificates}.
 
 @subsection KDC certificate
 
-The certificate for the KDC has serveral requirements.
+The certificate for the KDC has several requirements.
 
 First, the certificate should have an Extended Key Usage (EKU)
 id-pkkdcekuoid (1.3.6.1.5.2.3.5) set. Second, there must be a
 subjectAltName otherName using OID id-pkinit-san (1.3.6.1.5.2.2) in
 the type field and a DER encoded KRB5PrincipalName that matches the
 name of the TGS of the target realm.  Also, if the certificate has a
-nameConstraints extention with a Generalname with dNSName or iPAdress,
+nameConstraints extension with a Generalname with dNSName or iPAdress,
 it must match the hostname or adress of the KDC.
 
 The client is not required by the standard to check the server
@@ -1343,7 +1343,7 @@ This behavior is controlled by KDC configuration option:
 
 @subsubsection Using KRB5PrincipalName in id-pkinit-san
 
-The OtherName extention in the GeneralName is used to do the mapping
+The OtherName extension in the GeneralName is used to do the mapping
 between certificate and principal.  For the KDC certificate, this
 stores the krbtgt principal name for that KDC.  For the client
 certificate, this stores the principal for which that certificate is