diff --git a/rest_framework/authtoken/serializers.py b/rest_framework/authtoken/serializers.py
index df0c48b86..90d3bd96e 100644
--- a/rest_framework/authtoken/serializers.py
+++ b/rest_framework/authtoken/serializers.py
@@ -16,6 +16,9 @@ class AuthTokenSerializer(serializers.Serializer):
             user = authenticate(username=username, password=password)
 
             if user:
+                # From Django 1.10 onwards the `authenticate` call simply
+                # returns `None` for is_active=False users.
+                # (Assuming the default `ModelBackend` authentication backend.)
                 if not user.is_active:
                     msg = _('User account is disabled.')
                     raise serializers.ValidationError(msg)