From 79521397310f5e4e200291b2e2380e8e58953f18 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu, 5 Nov 2020 06:39:32 -0500
Subject: [PATCH] comment

---
 usr/lib/security-misc/pam-abort-on-locked-password | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/usr/lib/security-misc/pam-abort-on-locked-password b/usr/lib/security-misc/pam-abort-on-locked-password
index 8ea4cc5..38f1797 100755
--- a/usr/lib/security-misc/pam-abort-on-locked-password
+++ b/usr/lib/security-misc/pam-abort-on-locked-password
@@ -3,6 +3,10 @@
 ## Copyright (C) 2019 - 2020 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
 ## See the file COPYING for copying conditions.
 
+## This is only a usability feature to avoid needlessly bumping pam_tally2
+## counter. This is not a security feature.
+## https://forums.whonix.org/t/restrict-root-access/7658/1
+
 if ! passwd_output="$(passwd -S "$PAM_USER" 2>/dev/null)" ; then
    echo "$0: ERROR: user \"$PAM_USER\" does not exist." >&2
    exit 1