* man/newusers.8.xml: PAM enabled version: describe how passwords

are updated and how newusers behave in case of error.

ChangeLog

@@ -1,3 +1,8 @@
+2009-05-11  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* man/newusers.8.xml: PAM enabled version: describe how passwords
+	are updated and how newusers behave in case of error.
+
 2009-05-10  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* NEWS, configure.in: New release will be 4.1.4.

man/newusers.8.xml

@@ -211,6 +211,13 @@
       databases. If an error occurs (except in the final writes to the
       databases), no changes are committed to the databases.
     </para>
+    <para condition="pam">
+      During this first pass, users are created with a locked password
+      (and passwords are not changed for the users which are not created).
+      A second pass is used to update the passwords using PAM.  Failures
+      to update a password are reported, but will not stop the other
+      password updates.
+    </para>
 
     <para>
       This command is intended to be used in a large system environment
@@ -297,12 +304,6 @@
       The input file must be protected since it contains unencrypted
       passwords.
     </para>
-    <para condition="pam">
-      PAM is not used to update the passwords.
-      Only <filename>/etc/passwd</filename> and
-      <filename>/etc/shadow</filename> are updated, and the various checks
-      or options provided by PAM modules are not used.
-    </para>
   </refsect1>
 
   <refsect1 id='configuration'>