diff --git a/source/tutorial/control-access-to-mongodb-with-authentication.txt b/source/tutorial/control-access-to-mongodb-with-authentication.txt
index 6c8dcb68718..20b45ffb9c1 100644
--- a/source/tutorial/control-access-to-mongodb-with-authentication.txt
+++ b/source/tutorial/control-access-to-mongodb-with-authentication.txt
@@ -159,7 +159,11 @@ If there are no users for the ``admin`` database, you may connect via
 the localhost interface. That is, if running :program:`mongod` or
 :program:`mongos` with :setting:`auth` or :setting:`keyFile`, you can
 connect from a client running on the same system as the
-:program:`mongod` or :program:`mongos`.
+:program:`mongod` or :program:`mongos`, and your connection will be 
+given full administrative access. This is by design and makes it easier
+to bootstrap new deployments.  If you do not want this behavior, it 
+can be disabled by using the "enableLocalhostAuthBypass" setParameter
+startup option.  See :doc:`/reference/parameters/#param.enableLocalhostAuthBypass`
 
 .. note::