Auth codes are used so that the creator of a support request can identify themselves as the owner of that request, regardless of whether or not they are logged in, whether or not they are a user, etc. However, the existing code rejects non-users (people who file requests but don't have accounts on the system) from being authorized because they're not setting the $remote variable. The patch changes the logic a bit, which enables non-users to append information to their requests by way of comments. Also, it allows non-users, who have filed their requests in non-public support categories, to view their requests.
Since I'm not sure I fixed that the best way, any other suggested changes are welcome :-)
Example is here.