Index: lib/libpam/modules/pam_unix/pam_unix.c
===================================================================
--- lib/libpam/modules/pam_unix/pam_unix.c
+++ lib/libpam/modules/pam_unix/pam_unix.c
@@ -94,6 +94,7 @@
 	struct passwd *pwd;
 	int retval;
 	const char *pass, *user, *realpw, *prompt;
+	const char *nopasswd = "\0";
 
 	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
 		user = getlogin();
@@ -116,12 +117,22 @@
 			PAM_LOG("Password is empty, using fake password");
 			realpw = "*";
 		}
+		/*
+		 * Check whether the saved password hash matches the one
+		 * generated from an empty password - as opposed to empty
+		 * saved password hash, which is handled above.
+		 */
+		if (strcmp(crypt(nopasswd, realpw), realpw) == 0 &&
+		    !(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
+		    openpam_get_option(pamh, PAM_OPT_NULLOK))
+			return (PAM_SUCCESS);
 		lc = login_getpwclass(pwd);
 	} else {
 		PAM_LOG("Doing dummy authentication");
 		realpw = "*";
 		lc = login_getclass(NULL);
 	}
+
 	prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
 	retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
 	login_close(lc);