Index: en_US.ISO8859-1/books/handbook/security/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -1207,11 +1207,15 @@
 	<acronym>KDC</acronym> is recommended for security
 	reasons.</para>
 
-      <para>To begin setting up a <acronym>KDC</acronym>, add these
-	lines to <filename>/etc/rc.conf</filename>:</para>
+      <para>To begin install the <package>security/heimdal</package> package as follows:</para>
 
-      <programlisting>kdc_enable="YES"
-kadmind_enable="YES"</programlisting>
+      <screen>&prompt.root; <userinput>pkg install security/heimdal</userinput></screen>
+
+      <para>Next, update <filename>/etc/rc.conf</filename> using <command>sysrc</command>
+	as follows:</para>
+
+      <screen>&prompt.root; <userinput>sysrc kdc_enable="YES"</userinput>
+&prompt.root; <userinput>sysrc kadmind_enable="YES"</userinput></screen>
 
       <para>Next, edit <filename>/etc/krb5.conf</filename> as
 	follows:</para>
@@ -1292,13 +1296,26 @@
 kadmin&gt; <userinput>init <replaceable>EXAMPLE.ORG</replaceable></userinput>
 Realm max ticket life [unlimited]:</screen>
 
-      <para>Lastly, while still in <command>kadmin</command>, create
-	the first principal using <command>add</command>.  Stick to
-	the default options for the principal for now, as these can be
+
+     <para>Next, add the root user as the administrator user using
+	<command>kadmin</command>, using the <command>add</command>.
+	Stick to the default options for the admin principal for now, as these can be
 	changed later with <command>modify</command>.  Type
 	<literal>?</literal> at the prompt to see the available
 	options.</para>
 
+      <screen>kadmin&gt; <userinput>add root/admin</userinput>
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Attributes []:
+Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput>
+Verifying password - Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput></screen>
+
+
+      <para>Lastly, still in <command>kadmin</command>, create
+	the first principal using <command>add</command>.
+	</para>
+
       <screen>kadmin&gt; <userinput>add <replaceable>tillman</replaceable></userinput>
 Max ticket life [unlimited]:
 Max renewable life [unlimited]:
@@ -1306,13 +1323,15 @@
 Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput>
 Verifying password - Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput></screen>
 
-      <para>Next, start the <acronym>KDC</acronym> services by running
-	<command>service kdc start</command> and
-	<command>service kadmind start</command>.  While there will
-	not be any kerberized daemons running at this point, it is
-	possible to confirm that the <acronym>KDC</acronym> is
-	functioning by obtaining a ticket for the
-	principal that was just created:</para>
+      <para>Next, start the <acronym>KDC</acronym> services by running:</para>
+
+      <screen>&prompt.root; <userinput>service kdc start</userinput>
+&prompt.root; <userinput>service kadmind start</userinput></screen>
+
+      <para>While there will not be any kerberized daemons running at this point,
+	it is possible to confirm that the <acronym>KDC</acronym> is functioning by
+	obtaining a ticket for the principle that was just created:
+	</para>
 
       <screen>&prompt.user; <userinput>kinit <replaceable>tillman</replaceable></userinput>
 tillman@EXAMPLE.ORG's Password:</screen>
@@ -1380,7 +1399,7 @@
 	<command>kadmin</command> will prompt for the password to get
 	a fresh ticket.  The principal authenticating to the kadmin
 	service must be permitted to use the <command>kadmin</command>
-	interface, as specified in <filename>kadmind.acl</filename>.
+	interface, as specified in <filename>/var/heimdal/kadmind.acl</filename>.
 	See the section titled <quote>Remote administration</quote> in
 	<command>info heimdal</command> for details on designing
 	access control lists.  Instead of enabling remote
