From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 12 Apr 2016 10:27:31 +0000 (+0200)
Subject: doc: improve answer in FAQ for error 501 Not authorised
X-Git-Tag: 2.4-pre1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d7bf915ac9d66eb9ed801090c7738d3ca640a2a;p=thirdparty%2Fchrony.git

doc: improve answer in FAQ for error 501 Not authorised
---

diff --git a/doc/faq.adoc b/doc/faq.adoc
index 9a4b721c..d8d775af 100644
--- a/doc/faq.adoc
+++ b/doc/faq.adoc
@@ -271,8 +271,14 @@ Perhaps you have a firewall set up in a way that blocks packets on port
 === I keep getting the error +501 Not authorised+
 
 Since version 2.2, the +password+ command doesn't do anything and +chronyc+
-needs to run under the root or chrony user, which are allowed to access the
-Unix domain command socket.
+needs to run locally under the root or _chrony_ user, which are allowed to
+access the +chronyd+'s Unix domain command socket.
+
+With older versions, you need to authenticate with the +password+ command or
+use the +-a+ option to authenticate automatically.  The configuration file
+needs to specify a file which contains keys (+keyfile+ directive) and which key
+in the key file should be used for +chronyc+ authentication (+commandkey+
+directive).
 
 === Is the +chronyc+ / +chronyd+ protocol documented anywhere?