diff --git a/goatherd.go b/goatherd.go
index 6891a9e725d70a0f8479da906c5cea0d66fadd99..3c1e3919abbcba99ef72101b5fe7b6a39fb888a1 100644
--- a/goatherd.go
+++ b/goatherd.go
@@ -52,12 +52,8 @@ var cfg struct {
 // protect the _sending of responses_, not database access or anything else.
 // The reason is that we want to avoid keeping state for non-existent users and
 // only after talking to the database do we know if a user exists.
-//
-// Access to the map itself is synchronized by faildelay.lock. It is only
-// neccessary to grab the lock for writing when a user is inserted into the map
-// (i.e first login attempt), otherwise a read lock suffices.
 var faildelay struct {
-    lock sync.RWMutex
+    sync.RWMutex // protects userlocks
     userlocks map[string]*sync.Mutex
 }
 
@@ -265,20 +261,20 @@ func handle_conn(db *sql.DB, conn net.Conn) {
     log.Printf("%v: %v", name, result)
 
     // name exists, get or create its lock
-    faildelay.lock.RLock()
+    faildelay.RLock()
     delay, exists := faildelay.userlocks[name]
-    faildelay.lock.RUnlock()
+    faildelay.RUnlock()
     if !exists {
         debugf("[%v] not yet in faildelay.userlocks", remote)
 
         // no atomic upgrade with sync.RWMutex, so we have to do the lookup again
-        faildelay.lock.Lock()
+        faildelay.Lock()
         delay, exists = faildelay.userlocks[name]
         if !exists {
             delay = new(sync.Mutex)
             faildelay.userlocks[name] = delay
         }
-        faildelay.lock.Unlock()
+        faildelay.Unlock()
     }
 
     delay.Lock()