diff --git a/sys/man/8/auth b/sys/man/8/auth
index 6c41e4faf..d5461eb94 100644
--- a/sys/man/8/auth
+++ b/sys/man/8/auth
@@ -23,6 +23,7 @@ changeuser, convkeys, printnetkey, status, enable, disable, authsrv, guard.srv,
 .I user
 .PP
 .B auth/authsrv
+.RB [ -N ]
 .PP
 .B auth/guard.srv
 .PP
@@ -180,14 +181,20 @@ Netkey keys for individual users.
 .I Authsrv
 is the program, run only on the authentication server, that handles ticket requests
 on TCP port 567.
-It is started
-by an incoming call to the server
+It is started by an incoming call to the server
 requesting a conversation ticket; its standard input and output
 are the network connection.
 .I Authsrv
 executes the authentication server's end of the appropriate protocol as
 described in
 .IR authsrv (6).
+The
+.B -N
+flag disables legacy bruteforceable DES-encrypted tickes as used by the
+.B p9sk1
+protocol, forcing the use of new
+.B dp9ik
+password authenticated key exchange.
 .PP
 .I Guard.srv
 is similar.  It is called whenever a foreign (e.g. Unix) system wants