diff --git a/doc/sample.config b/doc/sample.config
index de5a59b0..648b2640 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -1,7 +1,7 @@
 # User authentication method. Could be set multiple times and in 
 # that case all should succeed. To enable multiple methods use
 # multiple auth directives. Available options: certificate, 
-# plain, pam, radius[config=configfile,groupconfig=trueval], gssapi.
+# plain, pam, radius, gssapi.
 #
 # Note that authentication methods cannot be changed with reload.
 
@@ -9,8 +9,8 @@
 #  This indicates that all connecting users must present a certificate.
 #
 # pam[gid-min=1000]:
-#  The gid-min option is used by auto-select-group option, in order to
-# select the minimum valid group ID.
+#  This enabled PAM authentication of the user. The gid-min option is used 
+# by auto-select-group option, in order to select the minimum valid group ID.
 #
 # plain[passwd=/etc/ocserv/ocpasswd]
 #  The plain option requires specifying a password file which contains
@@ -216,7 +216,9 @@ min-reauth-time = 300
 # Banning clients in ocserv works with a point system. IP addresses
 # that get a score over that configured number are banned for
 # min-reauth-time seconds. A wrong password attempt is 10 points,
-# a KKDCP POST is 1 point, and a connection is 1 point.
+# a KKDCP POST is 1 point, and a connection is 1 point. Note that
+# due to difference processes being involved the count of points
+# will not be real-time precise.
 #
 # Set to zero to disable.
 max-ban-score = 50
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index cced1566..f8aaa426 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -76,7 +76,7 @@ An example configuration file follows.
 # User authentication method. Could be set multiple times and in 
 # that case all should succeed. To enable multiple methods use
 # multiple auth directives. Available options: certificate, 
-# plain, pam, radius[config=configfile,groupconfig=trueval], gssapi.
+# plain, pam, radius, gssapi.
 #
 # Note that authentication methods cannot be changed with reload.
 
@@ -84,8 +84,8 @@ An example configuration file follows.
 #  This indicates that all connecting users must present a certificate.
 #
 # pam[gid-min=1000]:
-#  The gid-min option is used by auto-select-group option, in order to
-# select the minimum valid group ID.
+#  This enabled PAM authentication of the user. The gid-min option is used 
+# by auto-select-group option, in order to select the minimum valid group ID.
 #
 # plain[passwd=/etc/ocserv/ocpasswd]
 #  The plain option requires specifying a password file which contains
@@ -291,7 +291,9 @@ min-reauth-time = 120
 # Banning clients in ocserv works with a point system. IP addresses
 # that get a score over that configured number are banned for
 # min-reauth-time seconds. A wrong password attempt is 10 points,
-# a KKDCP POST is 1 point, and a connection is 1 point.
+# a KKDCP POST is 1 point, and a connection is 1 point. Note that
+# due to difference processes being involved the count of points
+# will not be real-time precise.
 #
 # Set to zero to disable.
 max-ban-score = 50