From 154f62f94084b476cbd77d142a4e7892752d4fb3 Mon Sep 17 00:00:00 2001 From: markofu Date: Thu, 25 Oct 2012 15:58:03 +0100 Subject: [PATCH] Clarified the hash issue further --- .../control-access-to-mongodb-with-authentication.txt | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/draft/tutorial/control-access-to-mongodb-with-authentication.txt b/draft/tutorial/control-access-to-mongodb-with-authentication.txt index 13077227b39..bed199b0d85 100644 --- a/draft/tutorial/control-access-to-mongodb-with-authentication.txt +++ b/draft/tutorial/control-access-to-mongodb-with-authentication.txt @@ -203,21 +203,28 @@ Given this scenario, Eve can take the hash of Alice’s password from the { "_id": ObjectId("507420ba032a960d16f43951"), "user": "eve", "readOnly": false, "pwd": "5dcc2819b97e68d5cfe51da6cae8a7f6" } Alice has read and write accounts on both ``db1`` and ``db2`` and - also has access on the ``admin`` database. Consider the following: + also has access on the ``admin`` database. Consider the following + example where Alice authenticates to the ``admin`` db: .. code-block:: javascript use admin db.auth("alice", "pass") + Running a ``find`` on the ``system.users`` collection: + + .. code-block:: javascript + db.system.users.find() - This operation returns the following document: + shows the same password has been used and the hash is the same: .. code-block:: javascript { "_id": ObjectId("50742045032a960d16f43950"), "user": "alice", "readOnly": false, "pwd": "ac2061b4a08ef8f2d60a07dc18ab4a0a" } +We would like to thank Will Urbanksi, from Dell SecureWorks, for helping 10gen here. + Configuration Considerations for Authentication -----------------------------------------------
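Review bot: The added sentence "shows the same password has been used and the hash is the same:" (after the new ``db.system.users.find()`` block) never says what the hash is the same as. It is also a fragment that only parses if the reader carries "Running a ``find`` on the ``system.users`` collection:" across the code block. The only other ``pwd`` value visible in this hunk is Eve's, which differs from the one in Alice's document, so the comparison needs to be named explicitly. Assuming the intended comparison is Alice's entries in ``db1`` and ``db2``, something like "This operation returns the following document, whose ``pwd`` value is identical to the one stored for ``alice`` in ``db1`` and ``db2``:" would stand on its own. Smaller points: "``admin`` db" should read "``admin`` database" to match the preceding line. The acknowledgement appears unindented between the example and the "Configuration Considerations for Authentication" heading, so it will render as body text of the tutorial; consider moving the credit to the commit message or a dedicated acknowledgements note. Please also double-check the spelling of "Urbanksi".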