View Review Details


Book:   Kerberos: The Definitive Guide
Subject:   Kerberos: The Definitive Guide Review
Date:   2003-11-11 18:17:30
From:   Anonymous
Rating:  5 stars

I have just skimmed through this book and I am now in the process of reading it carefully. The book is well organized and covers a lot of ground.


May I point out that SESAME at http://www.cosic.esat.kuleuven.ac.be/sesame/ (referenced in chapter 1) has a book out now.


On the downside, I still feel that there should be more information about the difference between the two distributions (MIT & Heimdal). Perhaps summarized in a table. No doubt that I will be wiser after reading the book closely. But I like to install software and experiment as I read. While both MIT and Heimdal use a db, Heimdal can use LDAP as backend. Unfortunately that is not covered in the book. Probably because it is experimental at this stage.


I must inform that there is another player out there called GNU Shishi (http://www.gnu.org/software/shishi/ & http://savannah.gnu.org/projects/shishi) and even if it is Alpha, it seems to be updated regularly.


Also, in the chapter on security there are two references to Dug Song's web site.


Unfortunately, Dug Song has in protest of the DIGITAL MILLENNIUM COPYRIGHT ACT. You can still find the patch to John the Ripper at: http://www.monkey.org/~dugsong/john-1.6.krb4.patch-3 (referenced on page 104), but the link: http://www.monkey.org/~dugsong/kdcspoof.tgz is wrong. It should be http://www.monkey.org/~dugsong/kdcspoof.tar.gz (referenced on page 109).


There are some security related Kerberos papers at: http://www.gnu.org/software/shishi/research.html


If chapter 3 is a little bit too technical for you, I suggest you read the "Designing an Authentication System: a Dialogue in Four Scenes". You can find it at http://web.mit.edu/kerberos/www/dialogue.html. This could have been an appendix.


I certainly hope the author and O'Reilly will add some updates and extra articles on the O'Reilly Network.


If you are looking for a good book about Kerberos, I believe this is it.

