From db5cc2a35988ce2949023aed481d00b98bcdcfe3 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Mon, 4 Apr 2016 17:37:05 +0200 Subject: [PATCH 132/325] geli.8: Document the fact that both User Keys share an iteration value ... more explicitly. Obtained from: ElectroBSD --- lib/geom/eli/geli.8 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8 index 31bb5e386554..23bad1999806 100644 --- a/lib/geom/eli/geli.8 +++ b/lib/geom/eli/geli.8 @@ -812,6 +812,13 @@ the kernel from the Master Key and cached in memory. The number of Data Keys used by a given provider, and the way they are derived, depend on the GELI version and whether the provider is configured to use data authentication. +.Sh USER KEY LIMITATION +If the first User Key uses a passphrase, the second one has to use +a passphrase as well. +If the first User Key does not use a passphrase, the second one can +not use a passphrase either. +This limitation comes from the metadata format on disk which +currently only stores one iteration count for both keys. .Sh SYSCTL VARIABLES The following .Xr sysctl 8 -- 2.32.0
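Review bot: In the new .Sh USER KEY LIMITATION section, the closing sentence mentions "one iteration count for both keys" without saying what the count is used for, so the passphrase rule in the first two sentences reads as arbitrary. Suggest stating the link directly: the iteration count is the parameter of the passphrase-based key derivation, and because only one value is stored, both User Keys must either use it or not use it. It would also help to spell out the consequence the subject line hints at, namely that a second passphrase-protected key cannot pick its own iteration count. Minor wording: "can not" (split across two added lines) should be "cannot", and "on disk which currently only stores" wants a comma before "which".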