From f01ffc62995008321006fb5f613c0c15acac3dfe Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 4 Apr 2016 17:37:05 +0200
Subject: [PATCH 191/257] geli.8: Document the fact that both User Keys share
 an iteration value

... more explicitly.

Obtained from: ElectroBSD
---
 sbin/geom/class/eli/geli.8 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sbin/geom/class/eli/geli.8 b/sbin/geom/class/eli/geli.8
index 22660544db53..fdbf60c84240 100644
--- a/sbin/geom/class/eli/geli.8
+++ b/sbin/geom/class/eli/geli.8
@@ -770,6 +770,13 @@ the kernel from the Master Key and cached in memory.
 The number of Data Keys used by a given provider, and the way they are
 derived, depend on the GELI version and whether the provider is configured to
 use data authentication.
+.Sh USER KEY LIMITATION
+If the first User Key uses a passphrase, the second one has to use
+a passphrase as well.
+If the first User Key does not use a passphrase, the second one can
+not use a passphrase either.
+This limitation comes from the metadata format on disk which
+currently only stores one iteration count for both keys.
 .Sh SYSCTL VARIABLES
 The following
 .Xr sysctl 8
-- 
2.11.0