diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete
index a4b5699a..6ecb0e31 100644
--- a/apparmor.d/abstractions/authentication.d/complete
+++ b/apparmor.d/abstractions/authentication.d/complete
@@ -1,2 +1,8 @@
 
   @{bin}/unix_chkpwd rPx,
+
+  #aa:only whonix
+  @{bin}/pam-tmpdir-helper rPx,
+  @{lib}/security-misc/pam_faillock_not_if_x rPx,
+  @{lib}/security-misc/pam-abort-on-locked-password rPx,
+  @{lib}/security-misc/pam-info rPx,
diff --git a/apparmor.d/groups/whonix/pam-abort-on-locked-password b/apparmor.d/groups/whonix/pam-abort-on-locked-password
new file mode 100644
index 00000000..958d0bf9
--- /dev/null
+++ b/apparmor.d/groups/whonix/pam-abort-on-locked-password
@@ -0,0 +1,23 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/security-misc/pam-abort-on-locked-password
+profile pam-abort-on-locked-password @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  @{sh_path}     rix,
+  @{bin}/passwd  rPx,
+  @{bin}/cut     rix,
+
+  owner /dev/tty rw,
+
+  include if exists <local/pam-abort-on-locked-password>
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/pam-info b/apparmor.d/groups/whonix/pam-info
new file mode 100644
index 00000000..588e55a9
--- /dev/null
+++ b/apparmor.d/groups/whonix/pam-info
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/security-misc/pam-info
+profile pam-info @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  @{sh_path}          rix,
+  @{bin}/faillock     rix,
+  @{bin}/grep         rix,
+  @{bin}/str_replace  rix,
+  @{bin}/wc           rix,
+  @{bin}/whoami       rix,
+
+  /etc/pam.d/* r,
+
+  @{run}/faillock/user rwk,
+
+  owner /dev/tty rw,
+
+  include if exists <local/pam-info>
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/pam-tmpdir-helper b/apparmor.d/groups/whonix/pam-tmpdir-helper
new file mode 100644
index 00000000..436cdc71
--- /dev/null
+++ b/apparmor.d/groups/whonix/pam-tmpdir-helper
@@ -0,0 +1,24 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/pam-tmpdir-helper
+profile pam-tmpdir-helper @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  capability chown,
+
+  @{exec_path} mr,
+
+  owner /tmp/user/ rw,
+  owner /tmp/user/@{uid}/ rw,
+
+  /dev/ptmx rw,
+
+  include if exists <local/pam-tmpdir-helper>
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/whonix/pam_faillock_not_if_x b/apparmor.d/groups/whonix/pam_faillock_not_if_x
new file mode 100644
index 00000000..d85ddabc
--- /dev/null
+++ b/apparmor.d/groups/whonix/pam_faillock_not_if_x
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/security-misc/pam_faillock_not_if_x
+profile pam_faillock_not_if_x @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  @{sh_path} rix,
+
+  include if exists <local/pam_faillock_not_if_x>
+}
\ No newline at end of file