From abd398509f77b2c0335dc02b06b697f4f2d0ecd0 Mon Sep 17 00:00:00 2001
From: Spencer T Brody <spencer@10gen.com>
Date: Fri, 5 Apr 2013 12:49:47 -0300
Subject: [PATCH] Add more details on the localhost auth bypass

---
 .../control-access-to-mongodb-with-authentication.txt       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/source/tutorial/control-access-to-mongodb-with-authentication.txt b/source/tutorial/control-access-to-mongodb-with-authentication.txt
index 6c8dcb68718..20b45ffb9c1 100644
--- a/source/tutorial/control-access-to-mongodb-with-authentication.txt
+++ b/source/tutorial/control-access-to-mongodb-with-authentication.txt
@@ -159,7 +159,11 @@ If there are no users for the ``admin`` database, you may connect via
 the localhost interface. That is, if running :program:`mongod` or
 :program:`mongos` with :setting:`auth` or :setting:`keyFile`, you can
 connect from a client running on the same system as the
-:program:`mongod` or :program:`mongos`.
+:program:`mongod` or :program:`mongos`, and your connection will be 
+given full administrative access. This is by design and makes it easier
+to bootstrap new deployments.  If you do not want this behavior, it 
+can be disabled by using the "enableLocalhostAuthBypass" setParameter
+startup option.  See :doc:`/reference/parameters/#param.enableLocalhostAuthBypass`
 
 .. note::