+the list by name. Proper prompts are given. A similar editing function is
+made available for the host acl list.
+
+manpagesection(ENCRYPTION PUBLIC KEYS)
+The directory associates two types of public encryption keys with the user,
+a PGP key fingerprint and a SSH RSA authentication key. It is not possible for
+a user to change their associated key fingerprint, that can only be done by
+the keyring maintainers after performing reasonable verification of the new
+key. Who ever controls the PGP key can make any modification to the LDAP
+account by using the PGP mail gateways.
+
+SSH RSA authentication keys are used by the SSH protocol to authenticate a
+user based on a cryptographic challenge. These keys pairs are created by the
+ssh-keygen program. The public version that is stored in the directory is
+generally placed in a file called identity.pub. SSH RSA authentication keys
+are password equivelents, whoever has the private half of the key can use it
+to login to any machine, but not affect changes to the LDAP entry. SSH
+authentication keys are kept private.
+
+manpagesection(NOTES)
+To lock out an account take the password and prepend *LK* before the hash
+and after the {crypt} this is understood by ssh, shadow and the mailgateway to
+indicate a disabled account. No manipulations what so ever will be permitted.