Index: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
===================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -1207,12 +1207,17 @@
 	<acronym>KDC</acronym> is recommended for security
 	reasons.</para>
 
-      <para>To begin setting up a <acronym>KDC</acronym>, add these
-	lines to <filename>/etc/rc.conf</filename>:</para>
+      <para>To begin, install the <package>security/heimdal</package>
+	package as follows:</para>
 
-      <programlisting>kdc_enable="YES"
-kadmind_enable="YES"</programlisting>
+      <screen>&prompt.root; <userinput>pkg install heimdal</userinput></screen>
 
+      <para>Next, update <filename>/etc/rc.conf</filename> using
+	<command>sysrc</command> as follows:</para>
+
+      <screen>&prompt.root; <userinput>sysrc kdc_enable=yes</userinput>
+&prompt.root; <userinput>sysrc kadmind_enable=yes</userinput></screen>
+
       <para>Next, edit <filename>/etc/krb5.conf</filename> as
 	follows:</para>
 
@@ -1295,25 +1300,32 @@
       <para>Lastly, while still in <command>kadmin</command>, create
 	the first principal using <command>add</command>.  Stick to
 	the default options for the principal for now, as these can be
-	changed later with <command>modify</command>.  Type
-	<literal>?</literal> at the prompt to see the available
+	<command>kadmin</command>, using the <command>add</command>.
+	Stick to the default options for the admin principal for now,
+	as these can be changed later with <command>modify</command>.
+	Type <literal>?</literal> at the prompt to see the available
 	options.</para>
 
-      <screen>kadmin&gt; <userinput>add <replaceable>tillman</replaceable></userinput>
+      <screen>kadmin&gt; <userinput>add tillman</userinput>
 Max ticket life [unlimited]:
 Max renewable life [unlimited]:
+Principal expiration time [never]:
+Password expiration time [never]:
 Attributes []:
 Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput>
 Verifying password - Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput></screen>
 
-      <para>Next, start the <acronym>KDC</acronym> services by running
-	<command>service kdc start</command> and
-	<command>service kadmind start</command>.  While there will
-	not be any kerberized daemons running at this point, it is
-	possible to confirm that the <acronym>KDC</acronym> is
-	functioning by obtaining a ticket for the
-	principal that was just created:</para>
+      <para>Next, start the <acronym>KDC</acronym> services by
+	running:</para>
 
+      <screen>&prompt.root; <userinput>service kdc start</userinput>
+&prompt.root; <userinput>service kadmind start</userinput></screen>
+
+      <para>While there will not be any kerberized daemons running at
+	this point, it is possible to confirm that the
+	<acronym>KDC</acronym> is functioning by obtaining a ticket
+	for the principle that was just created:</para>
+
       <screen>&prompt.user; <userinput>kinit <replaceable>tillman</replaceable></userinput>
 tillman@EXAMPLE.ORG's Password:</screen>
 
@@ -1380,8 +1392,9 @@
 	<command>kadmin</command> will prompt for the password to get
 	a fresh ticket.  The principal authenticating to the kadmin
 	service must be permitted to use the <command>kadmin</command>
-	interface, as specified in <filename>kadmind.acl</filename>.
-	See the section titled <quote>Remote administration</quote> in
+	interface, as specified in
+	<filename>/var/heimdal/kadmind.acl</filename>.  See the
+	section titled <quote>Remote administration</quote> in
 	<command>info heimdal</command> for details on designing
 	access control lists.  Instead of enabling remote
 	<command>kadmin</command> access, the administrator could
@@ -1756,8 +1769,8 @@
 
 	<listitem>
 	  <para><link
-	      xlink:href="https://www.h5l.org/">Heimdal
-	      <application>Kerberos</application> home
+	      xlink:href="https://github.com/heimdal/heimdal/wiki">Heimdal
+	      <application>Kerberos</application> project wiki
 	      page</link></para>
 	</listitem>
       </itemizedlist>
