From a02149cf6503c7d85093a32b86f3e18f3e313bcb Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Fri, 21 Mar 2014 15:47:33 +0100 Subject: [PATCH] doc: improve commandkey and keyfile descriptions --- chrony.texi.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/chrony.texi.in b/chrony.texi.in index 2128944..255b15e 100644 --- a/chrony.texi.in +++ b/chrony.texi.in @@ -1476,7 +1476,7 @@ When running the chronyc program to perform run-time configuration, the command @example -password foobar +password HEX:B028F91EA5C38D06C2E140B26C7F41EC @end example must be entered before any commands affecting the operation of the @@ -1754,6 +1754,8 @@ password can be encoded as a string of characters not containing a space with optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:} prefix. +The password is used with the hash function to generate and verify a message +authentication code (MAC) in NTP and command packets. For maximum security, it's recommended to use SHA1 or stronger hash function. The passwords should be random and they should be as long as the output size of the configured hash function, e.g. 160 bits with SHA1.
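Review bot: In the first hunk (@@ -1476), the new example key HEX:B028F91EA5C38D06C2E140B26C7F41EC is 32 hex digits, i.e. 128 bits, which is shorter than the 160 bits that the keyfile text in the second hunk gives as the recommended length with SHA1. Either lengthen the example to 40 hex digits or say which hash function it is meant for, so the two passages do not contradict each other. Since documented keys tend to be copied verbatim, a short sentence next to the example stating that the value is only illustrative and must be replaced with a locally generated random key would also be worth adding.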
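Review bot: In the second hunk (@@ -1754), the added sentence refers to "the hash function" before the visible text has said which one; the "configured hash function" is only named two sentences later. Suggest wording such as "The password is used with the hash function configured for the key to generate and verify ...", and state what the MAC protects (authenticity and integrity of NTP and command packets) so the reader understands why the length and randomness advice that follows matters. While touching this paragraph, the unchanged context line "it's recommended to use SHA1 or stronger hash function" is missing an article ("SHA1 or a stronger hash function").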