Errata
The errata list is a list of errors and their corrections that were found after the product was released.
The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.
| Version | Location | Description | Submitted by | Date submitted |
|---|---|---|---|---|
| | Figure 3-6 | In Figure 3-6, the principal listed in the AS request is "krbgt". It should have been "krbtgt", as described in the text and as per the response. | morty_a | Feb 20, 2018 |
| | Part 8 Cross-Realm Authentication, paragraph 6 | The page reads "However, direct cross-realm between all of these organizations would require approximately n2 different keys, where n is the number of participating Kerberos realms." The 2 in n2 should be a superscript -- the meaning should be n^2. | Martin Greenberg | Jan 28, 2019 |
| Printed | Page 16 last paragraph | "(this simple example only provides 1025 possible hash values)" | Anonymous | |
| | Page 23 title "Putting the Pieces Together", 2nd paragraph, line 6-7 | "instead, my telnet client obtained a service principal from the Ticket Granting Server", | Anonymous | Aug 19, 2016 |
| Printed | Page 25 Figure 3-1, 3-2, 3-3, etc. | In Figure 3-1 Needham-Schroeder Authentication Request, the "identity of the | Anonymous | |
| Printed | Page 27 Figure 3-3: Ticket box | The caption for the ticket box is: | Anonymous | |
| Printed | Page 29 2nd paragraph | The nonce mentioned in the 4th paragraph of page 26, and shown in Figure 3-2, seems to have nothing to do with the nonce the application server later sends the client to prevent replay attacks (Figure 3-5). | Anonymous | |
| Printed | Page 29 Figure 3-5 | Communication is wrong way round in Figure 3.5 Needham-Schroeder reply attack | Anonymous | |
| Printed | Page 29 Figure 3-5 | The paragraph before the Figure talks about how the application server "force the client to prove to the application server that it is really knows the session key" | Anonymous | Jul 27, 2008 |
| Printed | Page 32 Figure 3-6 | In the client message "krbgt principal name" should read "krbtgt principal name". | Anonymous | Oct 24, 2008 |
| Printed | Page 34 Figure 3-8 | The figure shows the authenticator as being encrypted with the "service's key". I think this should be the session key. | Anonymous | |
| Printed | Page 41 Figure 3-10 | The figure seems to be depicting an AS reply. The purpose of the session key in 9780596004033 5 is to limit the exposure of the user key. Only the session key from the initial AS_REP should be used to encrypt the EncTGSRepPart in the TGS reply (NOT the user key). | Anonymous | |
| Printed | Page 62 2nd and 3rd paragraph | Use quote when quoting computer response messages. | Anonymous | Jul 28, 2008 |
| Other Digital Version | 1391 2nd Paragraph | You use an encryption in the kdc.conf which is not used with Kerberos by default, but not changing the default_tgs_enctype in the krb5.conf | Anonymous | Sep 12, 2014 |