Index: en_US.ISO8859-1/books/handbook/security/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -1207,11 +1207,15 @@
 	<acronym>KDC</acronym> is recommended for security
 	reasons.</para>
 
-      <para>To begin setting up a <acronym>KDC</acronym>, add these
-	lines to <filename>/etc/rc.conf</filename>:</para>
+      <para>To begin install the <package>security/heimdal</package> package as follows:</para>
 
-      <programlisting>kdc_enable="YES"
-kadmind_enable="YES"</programlisting>
+      <screen>&prompt.root; <userinput>pkg install security/heimdal</userinput></screen>
+
+      <para>Next, update <filename>/etc/rc.conf</filename> using <command>sysrc</command>
+	as follows:</para>
+
+      <screen>&prompt.root; <userinput>sysrc kdc_enable="YES"</userinput>
+&prompt.root; <userinput>sysrc kadmind_enable="YES"</userinput></screen>
 
       <para>Next, edit <filename>/etc/krb5.conf</filename> as
 	follows:</para>
@@ -1295,24 +1299,30 @@
       <para>Lastly, while still in <command>kadmin</command>, create
 	the first principal using <command>add</command>.  Stick to
 	the default options for the principal for now, as these can be
+	<command>kadmin</command>, using the <command>add</command>.
+	Stick to the default options for the admin principal for now, as these can be
 	changed later with <command>modify</command>.  Type
 	<literal>?</literal> at the prompt to see the available
 	options.</para>
 
-      <screen>kadmin&gt; <userinput>add <replaceable>tillman</replaceable></userinput>
+      <screen>kadmin&gt; <userinput>add tillman</userinput>
 Max ticket life [unlimited]:
 Max renewable life [unlimited]:
+Principal expiration time [never]:
+Password expiration time [never]:
 Attributes []:
 Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput>
 Verifying password - Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput></screen>
 
-      <para>Next, start the <acronym>KDC</acronym> services by running
-	<command>service kdc start</command> and
-	<command>service kadmind start</command>.  While there will
-	not be any kerberized daemons running at this point, it is
-	possible to confirm that the <acronym>KDC</acronym> is
-	functioning by obtaining a ticket for the
-	principal that was just created:</para>
+      <para>Next, start the <acronym>KDC</acronym> services by running:</para>
+
+      <screen>&prompt.root; <userinput>service kdc start</userinput>
+&prompt.root; <userinput>service kadmind start</userinput></screen>
+
+      <para>While there will not be any kerberized daemons running at this point,
+	it is possible to confirm that the <acronym>KDC</acronym> is functioning by
+	obtaining a ticket for the principle that was just created:
+	</para>
 
       <screen>&prompt.user; <userinput>kinit <replaceable>tillman</replaceable></userinput>
 tillman@EXAMPLE.ORG's Password:</screen>
@@ -1380,7 +1390,7 @@
 	<command>kadmin</command> will prompt for the password to get
 	a fresh ticket.  The principal authenticating to the kadmin
 	service must be permitted to use the <command>kadmin</command>
-	interface, as specified in <filename>kadmind.acl</filename>.
+	interface, as specified in <filename>/var/heimdal/kadmind.acl</filename>.
 	See the section titled <quote>Remote administration</quote> in
 	<command>info heimdal</command> for details on designing
 	access control lists.  Instead of enabling remote
@@ -1756,8 +1766,8 @@
 
 	<listitem>
 	  <para><link
-	      xlink:href="https://www.h5l.org/">Heimdal
-	      <application>Kerberos</application> home
+	      xlink:href="https://github.com/heimdal/heimdal/wiki">Heimdal
+	      <application>Kerberos</application> project wiki
 	      page</link></para>
 	</listitem>
       </itemizedlist>
