diff --git a/README_SETUP.md b/README_SETUP.md
index 5cbd85ab73bc200fe8534508be1f4538ac1dad88..f47f5a08624c20de194829b3534d72c2e06b461c 100644
--- a/README_SETUP.md
+++ b/README_SETUP.md
@@ -119,6 +119,8 @@ server:
     * Maybe set another `SESSION_TIMEOUT_MS`.
     * See also [README_CONFIGURATION.md](README_CONFIGURATION.md)
 6. Copy `conf/core/usersources.ini.template` to `conf/ext/usersources.ini`.
+    * You can skip this if you do not want to use an external authentication. 
+	  Local users (CaosDB realm) are always available.
     * Define the users/groups who you want to include/exclude.
     * Assign at least one user the `administration` role.
       * For example, if the admin user is called `caosdb`, there should be the
diff --git a/conf/core/usersources.ini.template b/conf/core/usersources.ini.template
index 9053093eba21af0adcc5846112932a8a84b8250c..2e0fe2490a65b53022d8d0edff6495f3b92ec10a 100644
--- a/conf/core/usersources.ini.template
+++ b/conf/core/usersources.ini.template
@@ -22,14 +22,19 @@
 # ** end header
 #
 
-# `realms` is a comma and/or space separated list of realms which users can use for authentication
+# This file configures external authentication providers. The CaosDB realm is
+# always available (without being defined here).
+
+# `realms` is a comma and/or space separated list of realms which users can 
+# use for authentication
+# Currently available: PAM
 realms = PAM
 
 # This is the default realm, to be used when no other realms is specified
 defaultRealm = PAM
 
-# Each realm has one section with specific options.  The options for a specific realm can be looked
-# up in that realm's documentation.
+# Each realm has one section with specific options.  The options for a specific 
+# realm can be looked up in that realm's documentation.
 #
 # Hint: Realms are implemented by classes which are typically in the
 # org.caosdb.server.accessControl.Pam package and implement the UserSource interface.
diff --git a/src/doc/administration/maintenance.rst b/src/doc/administration/maintenance.rst
index 8a3397614b409a4ad498d0d8898c79cd0eb69bd6..67d8475bf469957416a6f42e495db07b1533f151 100644
--- a/src/doc/administration/maintenance.rst
+++ b/src/doc/administration/maintenance.rst
@@ -57,3 +57,11 @@ If you want to restore the entities exported to XML, you can do::
          cont = cont.from_xml(fi.read())                                                                                                                  
      cont.insert()
                                             
+User Management
+---------------
+The configuration of authentication mechanisms is done via the 
+``usersources.ini`` file (see :any:`configuration`).
+
+We recommend the Python tools (:any:`caosdb-pylib:Administration`) for further administrative tasks (e.g. setting
+user passwords).
+